CM-747: release chore: Upstream bump for v1.18.3 and rebase for v1.18.0 release

[PillaiManish]

Rebase downstream cert-manager-operator for v1.18.0 with upstream cert-manager v1.18.3.

• Prerequisite: Downstream v1.18.3 tag is pushed and synced https://github.com/openshift/jetstack-cert-manager/tags
• Bump deps with upstream cert-manager@v1.18.3

go get github.com/cert-manager/cert-manager@v1.18.3
go mod edit -replace github.com/cert-manager/cert-manager=github.com/openshift/jetstack-cert-manager@v1.18.3
go mod tidy && go mod vendor

• Update Makefile: BUNDLE_VERSION, CERT_MANAGER_VERSION, CHANNELS

- replace CERT_MANAGER_VERSION  ->  "v1.18.3"
- * make update
* make bundle

• More manual replacements

- replace "1.18.2" -> "1.18.3" (operand)

[openshift-ci-robot]

@PillaiManish: This pull request references CM-747 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Walkthrough

Bumps cert-manager references from v1.18.2 to v1.18.3 across manifests, embedded assets, build files, go.mod, and tests; updates related image tags and some replace directives; removes base64 icon data in the CSV.

Changes

Cohort / File(s)	Summary
Makefile & build config Makefile, images/ci/operand.Dockerfile, config/manager/manager.yaml	Updated CERT_MANAGER_VERSION / RELEASE_BRANCH and OPERAND_IMAGE_VERSION from v1.18.2 → v1.18.3; updated acmesolver image tag.
Embedded bindata (cainjector) bindata/cert-manager-deployment/cainjector/*	Updated app.kubernetes.io/version labels and cainjector image tag from v1.18.2 → v1.18.3.
Embedded bindata (controller) bindata/cert-manager-deployment/controller/*, bindata/cert-manager-deployment/cert-manager/*	Updated app.kubernetes.io/version labels across ClusterRole/Role/Bindings, ServiceAccount, Service, and deployment templates; updated controller and acmesolver image tags v1.18.2 → v1.18.3.
Embedded bindata (webhook) bindata/cert-manager-deployment/webhook/*	Updated app.kubernetes.io/version labels and webhook image tag from v1.18.2 → v1.18.3.
Bundle manifests / CRDs bundle/manifests/*.yaml	Updated app.kubernetes.io/version labels in CRD and bundle manifests from v1.18.2 → v1.18.3.
CRD bases config/crd/bases/*.yaml	Updated CRD metadata annotations/labels app.kubernetes.io/version v1.18.2 → v1.18.3.
CSV / operator manifests bundle/manifests/cert-manager-operator.clusterserviceversion.yaml, config/manifests/bases/cert-manager-operator.clusterserviceversion.yaml	Updated description and RELATED_IMAGE/OPERAND_IMAGE_VERSION references to v1.18.3; removed icon base64data.
Go module changes go.mod	Bumped cert-manager dependency to v1.18.3; updated Go toolchain and several golang.org/x/* indirect dependencies; added replace directives (cert-manager → openshift fork v1.18.3, asciicheck replace).
Tests pkg/controller/deployment/deployment_overrides_test.go	Updated expected acme-http01-solver-image tag from v1.18.2 → v1.18.3.
Generated assets pkg/operator/assets/bindata.go	Regenerated embedded YAMLs to reflect version and image tag bumps to v1.18.3 across cert-manager components.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	The pull request description is clearly related to the changeset. It explains the rebasing of the downstream cert-manager-operator with upstream cert-manager v1.18.3 and details the steps taken: bumping dependencies via go mod commands, updating the Makefile (specifically CERT_MANAGER_VERSION to v1.18.3), running make update and make bundle, and performing manual replacements. These described actions directly correspond to the extensive version updates from v1.18.2 to v1.18.3 visible throughout the changeset across manifests, deployments, CRDs, configuration files, and dependencies.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.
Title Check	✅ Passed	The pull request title "CM-747: release chore: Upstream bump for v1.18.3 and rebase for v1.18.0 release" is directly related to the changeset's primary objective. The raw summary shows that the overwhelming majority of changes involve updating cert-manager version references from v1.18.2 to v1.18.3 across Makefile, YAML manifests, go.mod dependencies, and test files. The title accurately and specifically conveys this main change without using vague terminology, and a developer reviewing the repository history would clearly understand that this commit bumps the upstream cert-manager dependency to v1.18.3 as part of a release preparation workflow.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

bundle/manifests/cert-manager-operator.clusterserviceversion.yaml (1)

307-308: Update CSV description to reference cert-manager v1.18.3

The upgrade is for v1.18.3, yet the CSV description still claims we ship v1.18.2. This is inconsistent with the rest of the bump and will mislead customers and tooling that scrape the CSV metadata. Please align the description with the new operand version.

-    The cert-manager Operator for Red Hat OpenShift provides seamless support for [cert-manager v1.18.2](https://github.com/cert-manager/cert-manager/tree/v1.18.2), which automates certificate management.
+    The cert-manager Operator for Red Hat OpenShift provides seamless support for [cert-manager v1.18.3](https://github.com/cert-manager/cert-manager/tree/v1.18.3), which automates certificate management.

🧹 Nitpick comments (3)

rebase_automation.sh (3)

14-14: Remove unused REPO_ROOT variable.

The REPO_ROOT variable is defined but never used in the script. Consider removing it or using it consistently throughout the script instead of $SCRIPT_DIR.

Apply this diff:

-REPO_ROOT="$SCRIPT_DIR"

---

143-143: Refactor variable declarations to avoid masking return values.

Multiple variable declarations use command substitution in the same statement, which can mask failures. This is flagged by shellcheck (SC2034).

Example refactor for line 143:

-    local backup_branch="backup-$(date +%Y%m%d-%H%M%S)"
+    local backup_branch
+    backup_branch="backup-$(date +%Y%m%d-%H%M%S)"

Apply similar changes for:

• Lines 197-198: old_channel_version and new_channel_version
• Lines 272-273: old_channel_version and new_channel_version
• Lines 280-281: old_channel_version and new_channel_version
• Line 335: temp_file

Also applies to: 197-198, 272-273, 280-281, 335-335

---

315-319: Use mapfile for safer command output splitting.

The script uses command substitution with array assignment, which can fail with filenames containing spaces or special characters. Use mapfile (SC2207) for safer handling.

Apply this diff for lines 315-319:

-    local files_to_check=(
-        $(find . -type f \( -name "*.go" -o -name "*.yaml" -o -name "*.yml" -o -name "*.json" -o -name "*.md" -o -name "*.Dockerfile" \) \
-          -not -path "./vendor/*" \
-          -not -path "./.git/*" \
-          -not -path "./testbin/*" \
-          | grep -v "go.sum")
-    )
+    local files_to_check=()
+    mapfile -t files_to_check < <(find . -type f \( -name "*.go" -o -name "*.yaml" -o -name "*.yml" -o -name "*.json" -o -name "*.md" -o -name "*.Dockerfile" \) \
+          -not -path "./vendor/*" \
+          -not -path "./.git/*" \
+          -not -path "./testbin/*" | grep -v "go.sum")

Similarly for line 407:

-        local unique_files=($(printf '%s\n' "${changed_files[@]}" | sort -u))
+        local unique_files=()
+        mapfile -t unique_files < <(printf '%s\n' "${changed_files[@]}" | sort -u)

Also applies to: 407-407

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between b099c2f and 00331d8.

⛔ Files ignored due to path filters (204)

• go.sum is excluded by !**/*.sum
• vendor/github.com/tdakkota/asciicheck/.gitignore is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/tdakkota/asciicheck/.golangci.yml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/tdakkota/asciicheck/Makefile is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/tdakkota/asciicheck/README.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/tdakkota/asciicheck/asciicheck.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/mod/modfile/read.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/mod/modfile/rule.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/mod/modfile/work.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/mod/module/module.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/mod/semver/semver.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/frame.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/http2.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/trace/events.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sync/errgroup/errgroup.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/mkerrors.sh is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/syscall_darwin.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_386.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_arm.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mips.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_386.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_386.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_arm.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_mips.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/term/term_windows.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/term/terminal.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/analysis.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/diagnostic.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/asmdecl/asmdecl.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/assign/assign.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/atomic/atomic.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/atomicalign/atomicalign.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/bools/bools.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/buildssa/buildssa.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/buildtag/buildtag.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/cgocall/cgocall.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/composite/composite.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/copylock/copylock.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/ctrlflow/ctrlflow.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/deepequalerrors/deepequalerrors.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/errorsas/errorsas.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/fieldalignment/fieldalignment.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/findcall/findcall.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/framepointer/framepointer.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/httpresponse/httpresponse.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/ifaceassert/ifaceassert.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/inspect/inspect.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/internal/analysisutil/util.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/loopclosure/loopclosure.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/lostcancel/lostcancel.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/nilfunc/nilfunc.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/nilness/nilness.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/pkgfact/pkgfact.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/printf/printf.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/reflectvaluecompare/reflectvaluecompare.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/shadow/shadow.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/shift/shift.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/sigchanyzer/sigchanyzer.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/sortslice/analyzer.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/stdmethods/stdmethods.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/stringintconv/string.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/structtag/structtag.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/testinggoroutine.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/util.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/tests/tests.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/unmarshal/unmarshal.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/unreachable/doc.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/unreachable/unreachable.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/unsafeptr/unsafeptr.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/unusedresult/unusedresult.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/validate.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ast/astutil/enclosing.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ast/astutil/imports.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ast/astutil/rewrite.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ast/astutil/util.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ast/edge/edge.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ast/inspector/cursor.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ast/inspector/inspector.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ast/inspector/iter.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ast/inspector/typeof.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ast/inspector/walk.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/buildutil/allpackages.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/buildutil/fakecontext.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/buildutil/tags.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/internal/cgo/cgo.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/loader/doc.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/loader/loader.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/packages/doc.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/packages/external.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/packages/golist.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/packages/golist_overlay.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/packages/loadmode_string.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/packages/packages.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/builder.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/const.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/dom.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/emit.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/func.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/instantiate.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/lift.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/mode.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/print.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/sanity.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/source.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/ssa.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/subst.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/typeset.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/util.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/wrappers.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/types/objectpath/objectpath.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/types/typeutil/callee.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/types/typeutil/map.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/analysisinternal/analysis.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/astutil/clone.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/astutil/comment.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/astutil/util.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/event/keys/keys.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/event/label/label.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/fmtstr/parse.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/gcimporter/bimport.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/gcimporter/exportdata.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/gcimporter/iexport.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/gcimporter/iimport.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/gcimporter/support.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/gcimporter/ureader_yes.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/gocommand/invoke.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/gocommand/invoke_notunix.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/gocommand/invoke_unix.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/gopathwalk/walk.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/imports/fix.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/imports/imports.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/imports/mod.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/imports/mod_cache.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/imports/sortimports.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/imports/source_env.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/imports/source_modindex.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/modindex/directories.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/modindex/index.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/modindex/lookup.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/modindex/modindex.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/modindex/symbols.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/modindex/types.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/packagesinternal/packages.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/pkgbits/decoder.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/stdlib/deps.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/stdlib/import.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/stdlib/manifest.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/stdlib/stdlib.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typeparams/common.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typeparams/coretype.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typeparams/free.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typeparams/normalize.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typeparams/termlist.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typeparams/typeterm.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typesinternal/classify_call.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typesinternal/errorcode.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typesinternal/qualifier.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typesinternal/recv.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typesinternal/types.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typesinternal/varkind.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typesinternal/zerovalue.go is excluded by !vendor/**, !**/vendor/**
• vendor/modules.txt is excluded by !vendor/**, !**/vendor/**

📒 Files selected for processing (61)

• Makefile (1 hunks)
• bindata/cert-manager-deployment/cainjector/cert-manager-cainjector-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/cainjector/cert-manager-cainjector-crb.yaml (1 hunks)
• bindata/cert-manager-deployment/cainjector/cert-manager-cainjector-deployment.yaml (3 hunks)
• bindata/cert-manager-deployment/cainjector/cert-manager-cainjector-leaderelection-rb.yaml (1 hunks)
• bindata/cert-manager-deployment/cainjector/cert-manager-cainjector-leaderelection-role.yaml (1 hunks)
• bindata/cert-manager-deployment/cainjector/cert-manager-cainjector-sa.yaml (1 hunks)
• bindata/cert-manager-deployment/cainjector/cert-manager-cainjector-svc.yaml (1 hunks)
• bindata/cert-manager-deployment/cert-manager/cert-manager-controller-approve-cert-manager-io-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/cert-manager/cert-manager-controller-approve-cert-manager-io-crb.yaml (1 hunks)
• bindata/cert-manager-deployment/cert-manager/cert-manager-controller-certificatesigningrequests-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/cert-manager/cert-manager-controller-certificatesigningrequests-crb.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-cert-manager-tokenrequest-rb.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-cluster-view-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-certificates-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-certificates-crb.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-challenges-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-challenges-crb.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-clusterissuers-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-clusterissuers-crb.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-ingress-shim-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-ingress-shim-crb.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-issuers-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-issuers-crb.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-orders-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-orders-crb.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-deployment.yaml (3 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-edit-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-leaderelection-rb.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-leaderelection-role.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-sa.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-svc.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-tokenrequest-role.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-view-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-deployment.yaml (3 hunks)
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-dynamic-serving-rb.yaml (1 hunks)
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-dynamic-serving-role.yaml (1 hunks)
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-mutatingwebhookconfiguration.yaml (1 hunks)
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-sa.yaml (1 hunks)
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-subjectaccessreviews-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-subjectaccessreviews-crb.yaml (1 hunks)
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-svc.yaml (1 hunks)
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-validatingwebhookconfiguration.yaml (1 hunks)
• bundle/manifests/acme.cert-manager.io_challenges.yaml (1 hunks)
• bundle/manifests/acme.cert-manager.io_orders.yaml (1 hunks)
• bundle/manifests/cert-manager-operator.clusterserviceversion.yaml (2 hunks)
• bundle/manifests/cert-manager.io_certificaterequests.yaml (1 hunks)
• bundle/manifests/cert-manager.io_certificates.yaml (1 hunks)
• bundle/manifests/cert-manager.io_clusterissuers.yaml (1 hunks)
• bundle/manifests/cert-manager.io_issuers.yaml (1 hunks)
• config/crd/bases/certificaterequests.cert-manager.io-crd.yaml (1 hunks)
• config/crd/bases/certificates.cert-manager.io-crd.yaml (1 hunks)
• config/crd/bases/challenges.acme.cert-manager.io-crd.yaml (1 hunks)
• config/crd/bases/clusterissuers.cert-manager.io-crd.yaml (1 hunks)
• config/crd/bases/issuers.cert-manager.io-crd.yaml (1 hunks)
• config/crd/bases/orders.acme.cert-manager.io-crd.yaml (1 hunks)
• config/manager/manager.yaml (1 hunks)
• go.mod (4 hunks)
• images/ci/operand.Dockerfile (1 hunks)
• pkg/controller/deployment/deployment_overrides_test.go (3 hunks)
• rebase_automation.sh (1 hunks)

🧰 Additional context used

🪛 Shellcheck (0.11.0)

rebase_automation.sh

[warning] 14-14: REPO_ROOT appears unused. Verify use (or export if used externally).

(SC2034)

---

[warning] 143-143: Declare and assign separately to avoid masking return values.

(SC2155)

---

[warning] 197-197: Declare and assign separately to avoid masking return values.

(SC2155)

---

[warning] 198-198: Declare and assign separately to avoid masking return values.

(SC2155)

---

[warning] 272-272: Declare and assign separately to avoid masking return values.

(SC2155)

---

[warning] 273-273: Declare and assign separately to avoid masking return values.

(SC2155)

---

[warning] 280-280: Declare and assign separately to avoid masking return values.

(SC2155)

---

[warning] 281-281: Declare and assign separately to avoid masking return values.

(SC2155)

---

[warning] 315-319: Prefer mapfile or read -a to split command output (or quote to avoid splitting).

(SC2207)

---

[warning] 335-335: Declare and assign separately to avoid masking return values.

(SC2155)

---

[warning] 407-407: Prefer mapfile or read -a to split command output (or quote to avoid splitting).

(SC2207)

🔇 Additional comments (27)

bundle/manifests/cert-manager.io_issuers.yaml (1)

13-13: Version label bump looks consistent.
Label now reflects v1.18.3, matching the release chore scope.

bindata/cert-manager-deployment/controller/cert-manager-view-cr.yaml (1)

9-9: RBAC manifest version tag aligns with v1.18.3.
No other changes needed in this snippet.

bindata/cert-manager-deployment/controller/cert-manager-controller-certificates-crb.yaml (1)

9-9: Version label bump looks good

Label now matches the v1.18.3 release target.

bundle/manifests/acme.cert-manager.io_orders.yaml (1)

13-13: CRD metadata updated correctly

The app.kubernetes.io/version label now aligns with the v1.18.3 bundle.

bindata/cert-manager-deployment/cainjector/cert-manager-cainjector-sa.yaml (1)

10-10: ServiceAccount label aligned

Version label reflects v1.18.3 as expected.

bindata/cert-manager-deployment/controller/cert-manager-controller-ingress-shim-crb.yaml (1)

9-9: RBAC label bump confirmed

Ingress shim ClusterRoleBinding now references v1.18.3.

bindata/cert-manager-deployment/cert-manager/cert-manager-controller-approve-cert-manager-io-crb.yaml (1)

9-9: Approve binding label updated

Label correctly matches the v1.18.3 release tag.

bindata/cert-manager-deployment/controller/cert-manager-edit-cr.yaml (1)

9-9: ClusterRole metadata consistent

The version label now tracks v1.18.3; looks good.

bindata/cert-manager-deployment/controller/cert-manager-controller-issuers-cr.yaml (1)

9-9: Issuers role label verified

Version metadata matches the v1.18.3 rollout.

Makefile (1)

7-7: Version variable aligned
The CERT_MANAGER_VERSION bump to v1.18.3 matches the rest of the manifest updates.

config/crd/bases/certificaterequests.cert-manager.io-crd.yaml (1)

11-11: CRD metadata kept current
Label now reflects v1.18.3 as expected for this bump.

bindata/cert-manager-deployment/controller/cert-manager-leaderelection-role.yaml (1)

9-9: Leader election role synced
Version label correctly tracks v1.18.3.

bindata/cert-manager-deployment/controller/cert-manager-controller-challenges-cr.yaml (1)

9-9: Challenges ClusterRole updated
Metadata version aligns with the 1.18.3 release.

bindata/cert-manager-deployment/controller/cert-manager-controller-orders-cr.yaml (1)

9-9: Orders ClusterRole in sync
Label now matches v1.18.3 as required.

bindata/cert-manager-deployment/webhook/cert-manager-webhook-dynamic-serving-role.yaml (1)

9-9: Webhook role version refreshed
Metadata version correctly bumped to v1.18.3.

bindata/cert-manager-deployment/controller/cert-manager-controller-ingress-shim-cr.yaml (1)

9-9: Ingress shim metadata updated
Version label now reflects v1.18.3.

bundle/manifests/acme.cert-manager.io_challenges.yaml (1)

12-12: Bundle CRD version aligned
Label bump to v1.18.3 matches the overall release update.

bindata/cert-manager-deployment/controller/cert-manager-controller-issuers-crb.yaml (1)

9-9: LGTM! Version label updated correctly.

The version label has been consistently updated from v1.18.2 to v1.18.3, aligning with the PR's objective to perform an upstream bump.

pkg/controller/deployment/deployment_overrides_test.go (1)

36-36: LGTM! Test expectations updated correctly.

All test expectations for the acme-http01-solver-image have been consistently updated from v1.18.2 to v1.18.3, ensuring tests align with the new version.

Also applies to: 124-124, 176-176

bindata/cert-manager-deployment/controller/cert-manager-deployment.yaml (1)

9-9: LGTM! Version references updated consistently.

Both the version labels and container image tags have been updated from v1.18.2 to v1.18.3, maintaining consistency between metadata and runtime configuration.

Also applies to: 30-30, 37-37, 47-47

go.mod (3)

6-6: LGTM! Primary dependency updated correctly.

The cert-manager dependency has been updated from v1.18.2 to v1.18.3, aligning with the PR objectives.

---

301-301: LGTM! Replace directives updated correctly.

The replace directives have been properly updated:

• cert-manager points to openshift/jetstack-cert-manager v1.18.3
• asciicheck points to the correct golangci fork

These are consistent with the version bump and maintain the expected forked dependencies.

Also applies to: 305-305

---

24-24: Manual verification required: cannot execute build and tests in sandbox environment.

The go.mod file updates appear syntactically valid, but direct build and test verification cannot be performed in this sandbox (Go compiler and make command unavailable). The repository contains a Makefile, suggesting make build and make test are intended entry points for verification.

Please manually verify:

• Run make build to confirm the project compiles with these golang.org/x/ dependency updates
• Run make test to ensure all tests pass with the updated versions
• Check for any runtime regressions with the newer versions (particularly: crypto, net, sys, tools, mod)

The following golang.org/x/ packages were updated (review lines 254-266 in go.mod for the complete list):

• golang.org/x/tools v0.36.0
• golang.org/x/crypto v0.41.0
• golang.org/x/net v0.43.0
• golang.org/x/sys v0.35.0
• And others as indirect dependencies

bindata/cert-manager-deployment/webhook/cert-manager-webhook-deployment.yaml (1)

9-9: LGTM! Webhook version references updated consistently.

The webhook deployment's version labels and image tag have been updated from v1.18.2 to v1.18.3, maintaining consistency with the broader version bump.

Also applies to: 30-30, 46-46

rebase_automation.sh (1)

1-527: Helpful automation script for future rebases.

This script provides valuable automation for the version bump workflow, with:

• Clear step-by-step execution
• Dry-run capability for safety
• Auto-detection of current versions
• Comprehensive logging
• Git commit integration

The script will significantly reduce manual effort and potential errors in future rebase operations. After addressing the shellcheck warnings, this will be a solid addition to the repository's tooling.

bindata/cert-manager-deployment/controller/cert-manager-svc.yaml (1)

9-9: LGTM! Service version label updated correctly.

The version label has been updated from v1.18.2 to v1.18.3, maintaining consistency across all cert-manager service resources.

bindata/cert-manager-deployment/webhook/cert-manager-webhook-mutatingwebhookconfiguration.yaml (1)

11-11: LGTM! MutatingWebhookConfiguration version label updated correctly.

The version label has been updated from v1.18.2 to v1.18.3, completing the consistent version bump across all cert-manager webhook resources.

[PillaiManish]

/retest

[openshift-ci-robot]

@PillaiManish: This pull request references CM-747 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set.

Details

In response to this:

Rebase downstream cert-manager-operator for v1.18.0 with upstream cert-manager v1.18.3.

• Prerequisite: Downstream v1.18.3 tag is pushed and synced https://github.com/openshift/jetstack-cert-manager/tags
• Bump deps with upstream cert-manager@v1.18.3

go get github.com/cert-manager/cert-manager@v1.18.3
go mod edit -replace github.com/cert-manager/cert-manager=github.com/openshift/jetstack-cert-manager@v1.18.3
go mod tidy && go mod vendor

• Update Makefile: BUNDLE_VERSION, CERT_MANAGER_VERSION, CHANNELS

- replace CERT_MANAGER_VERSION  ->  "v1.18.3"
- * make update
* make bundle

• More manual replacements

- replace "1.18.2" -> "1.18.3" (operand)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[lunarwhite]

ci/prow/e2e-operator-tech-preview failed due to CI infra issue on hypershift hosted cluster creation: https://redhat-internal.slack.com/archives/CBN38N3MW/p1760606353798139?thread_ts=1760001336.767179&cid=CBN38N3MW

ci/prow/e2e-operator failed due to https://issues.redhat.com/browse/CM-735, hopefully it could be addressed by #324

[bharath-b-rh]

LGTM, just couple of nits.

[bharath-b-rh]

e2e failures are not because of the changes in this PR, and are safe to overridden.
/label docs-approved
/label px-approved

cc: @lunarwhite for qe-approved

[bharath-b-rh]

Line needs an update too.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 175c0f8 and 08938bb.

⛔ Files ignored due to path filters (199)

• go.sum is excluded by !**/*.sum
• vendor/golang.org/x/mod/modfile/read.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/mod/modfile/rule.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/mod/modfile/work.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/mod/module/module.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/mod/semver/semver.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/frame.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/http2.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/trace/events.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sync/errgroup/errgroup.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/mkerrors.sh is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/syscall_darwin.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_386.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_arm.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mips.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_386.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_386.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_arm.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_mips.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/term/term_windows.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/term/terminal.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/analysis.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/diagnostic.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/asmdecl/asmdecl.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/assign/assign.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/atomic/atomic.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/atomicalign/atomicalign.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/bools/bools.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/buildssa/buildssa.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/buildtag/buildtag.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/cgocall/cgocall.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/composite/composite.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/copylock/copylock.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/ctrlflow/ctrlflow.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/deepequalerrors/deepequalerrors.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/errorsas/errorsas.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/fieldalignment/fieldalignment.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/findcall/findcall.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/framepointer/framepointer.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/httpresponse/httpresponse.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/ifaceassert/ifaceassert.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/inspect/inspect.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/internal/analysisutil/util.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/loopclosure/loopclosure.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/lostcancel/lostcancel.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/nilfunc/nilfunc.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/nilness/nilness.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/pkgfact/pkgfact.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/printf/printf.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/reflectvaluecompare/reflectvaluecompare.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/shadow/shadow.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/shift/shift.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/sigchanyzer/sigchanyzer.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/sortslice/analyzer.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/stdmethods/stdmethods.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/stringintconv/string.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/structtag/structtag.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/testinggoroutine.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/util.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/tests/tests.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/unmarshal/unmarshal.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/unreachable/doc.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/unreachable/unreachable.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/unsafeptr/unsafeptr.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/passes/unusedresult/unusedresult.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/analysis/validate.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ast/astutil/enclosing.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ast/astutil/imports.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ast/astutil/rewrite.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ast/astutil/util.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ast/edge/edge.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ast/inspector/cursor.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ast/inspector/inspector.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ast/inspector/iter.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ast/inspector/typeof.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ast/inspector/walk.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/buildutil/allpackages.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/buildutil/fakecontext.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/buildutil/tags.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/internal/cgo/cgo.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/loader/doc.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/loader/loader.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/packages/doc.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/packages/external.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/packages/golist.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/packages/golist_overlay.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/packages/loadmode_string.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/packages/packages.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/builder.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/const.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/dom.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/emit.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/func.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/instantiate.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/lift.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/mode.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/print.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/sanity.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/source.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/ssa.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/subst.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/typeset.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/util.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/ssa/wrappers.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/types/objectpath/objectpath.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/types/typeutil/callee.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/go/types/typeutil/map.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/analysisinternal/analysis.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/astutil/clone.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/astutil/comment.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/astutil/util.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/event/keys/keys.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/event/label/label.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/fmtstr/parse.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/gcimporter/bimport.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/gcimporter/exportdata.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/gcimporter/iexport.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/gcimporter/iimport.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/gcimporter/support.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/gcimporter/ureader_yes.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/gocommand/invoke.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/gocommand/invoke_notunix.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/gocommand/invoke_unix.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/gopathwalk/walk.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/imports/fix.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/imports/imports.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/imports/mod.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/imports/mod_cache.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/imports/sortimports.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/imports/source_env.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/imports/source_modindex.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/modindex/directories.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/modindex/index.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/modindex/lookup.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/modindex/modindex.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/modindex/symbols.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/modindex/types.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/packagesinternal/packages.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/pkgbits/decoder.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/stdlib/deps.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/stdlib/import.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/stdlib/manifest.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/stdlib/stdlib.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typeparams/common.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typeparams/coretype.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typeparams/free.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typeparams/normalize.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typeparams/termlist.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typeparams/typeterm.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typesinternal/classify_call.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typesinternal/errorcode.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typesinternal/qualifier.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typesinternal/recv.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typesinternal/types.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typesinternal/varkind.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/tools/internal/typesinternal/zerovalue.go is excluded by !vendor/**, !**/vendor/**
• vendor/modules.txt is excluded by !vendor/**, !**/vendor/**

📒 Files selected for processing (62)

• Makefile (1 hunks)
• bindata/cert-manager-deployment/cainjector/cert-manager-cainjector-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/cainjector/cert-manager-cainjector-crb.yaml (1 hunks)
• bindata/cert-manager-deployment/cainjector/cert-manager-cainjector-deployment.yaml (3 hunks)
• bindata/cert-manager-deployment/cainjector/cert-manager-cainjector-leaderelection-rb.yaml (1 hunks)
• bindata/cert-manager-deployment/cainjector/cert-manager-cainjector-leaderelection-role.yaml (1 hunks)
• bindata/cert-manager-deployment/cainjector/cert-manager-cainjector-sa.yaml (1 hunks)
• bindata/cert-manager-deployment/cainjector/cert-manager-cainjector-svc.yaml (1 hunks)
• bindata/cert-manager-deployment/cert-manager/cert-manager-controller-approve-cert-manager-io-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/cert-manager/cert-manager-controller-approve-cert-manager-io-crb.yaml (1 hunks)
• bindata/cert-manager-deployment/cert-manager/cert-manager-controller-certificatesigningrequests-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/cert-manager/cert-manager-controller-certificatesigningrequests-crb.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-cert-manager-tokenrequest-rb.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-cluster-view-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-certificates-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-certificates-crb.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-challenges-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-challenges-crb.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-clusterissuers-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-clusterissuers-crb.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-ingress-shim-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-ingress-shim-crb.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-issuers-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-issuers-crb.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-orders-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-controller-orders-crb.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-deployment.yaml (3 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-edit-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-leaderelection-rb.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-leaderelection-role.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-sa.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-svc.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-tokenrequest-role.yaml (1 hunks)
• bindata/cert-manager-deployment/controller/cert-manager-view-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-deployment.yaml (3 hunks)
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-dynamic-serving-rb.yaml (1 hunks)
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-dynamic-serving-role.yaml (1 hunks)
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-mutatingwebhookconfiguration.yaml (1 hunks)
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-sa.yaml (1 hunks)
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-subjectaccessreviews-cr.yaml (1 hunks)
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-subjectaccessreviews-crb.yaml (1 hunks)
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-svc.yaml (1 hunks)
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-validatingwebhookconfiguration.yaml (1 hunks)
• bundle/manifests/acme.cert-manager.io_challenges.yaml (1 hunks)
• bundle/manifests/acme.cert-manager.io_orders.yaml (1 hunks)
• bundle/manifests/cert-manager-operator.clusterserviceversion.yaml (3 hunks)
• bundle/manifests/cert-manager.io_certificaterequests.yaml (1 hunks)
• bundle/manifests/cert-manager.io_certificates.yaml (1 hunks)
• bundle/manifests/cert-manager.io_clusterissuers.yaml (1 hunks)
• bundle/manifests/cert-manager.io_issuers.yaml (1 hunks)
• config/crd/bases/certificaterequests.cert-manager.io-crd.yaml (1 hunks)
• config/crd/bases/certificates.cert-manager.io-crd.yaml (1 hunks)
• config/crd/bases/challenges.acme.cert-manager.io-crd.yaml (1 hunks)
• config/crd/bases/clusterissuers.cert-manager.io-crd.yaml (1 hunks)
• config/crd/bases/issuers.cert-manager.io-crd.yaml (1 hunks)
• config/crd/bases/orders.acme.cert-manager.io-crd.yaml (1 hunks)
• config/manager/manager.yaml (1 hunks)
• config/manifests/bases/cert-manager-operator.clusterserviceversion.yaml (1 hunks)
• go.mod (4 hunks)
• images/ci/operand.Dockerfile (1 hunks)
• pkg/controller/deployment/deployment_overrides_test.go (3 hunks)
• pkg/operator/assets/bindata.go (48 hunks)

✅ Files skipped from review due to trivial changes (8)

• bindata/cert-manager-deployment/controller/cert-manager-controller-challenges-crb.yaml
• config/crd/bases/clusterissuers.cert-manager.io-crd.yaml
• bindata/cert-manager-deployment/controller/cert-manager-cluster-view-cr.yaml
• bindata/cert-manager-deployment/controller/cert-manager-view-cr.yaml
• bindata/cert-manager-deployment/cainjector/cert-manager-cainjector-leaderelection-role.yaml
• bundle/manifests/cert-manager.io_certificaterequests.yaml
• bindata/cert-manager-deployment/controller/cert-manager-tokenrequest-role.yaml
• bindata/cert-manager-deployment/controller/cert-manager-controller-ingress-shim-crb.yaml

🚧 Files skipped from review as they are similar to previous changes (29)

• bindata/cert-manager-deployment/cert-manager/cert-manager-controller-approve-cert-manager-io-cr.yaml
• bindata/cert-manager-deployment/cainjector/cert-manager-cainjector-leaderelection-rb.yaml
• bindata/cert-manager-deployment/controller/cert-manager-leaderelection-rb.yaml
• bindata/cert-manager-deployment/controller/cert-manager-cert-manager-tokenrequest-rb.yaml
• bindata/cert-manager-deployment/cainjector/cert-manager-cainjector-svc.yaml
• config/crd/bases/challenges.acme.cert-manager.io-crd.yaml
• bindata/cert-manager-deployment/cainjector/cert-manager-cainjector-deployment.yaml
• bindata/cert-manager-deployment/controller/cert-manager-deployment.yaml
• bindata/cert-manager-deployment/controller/cert-manager-edit-cr.yaml
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-subjectaccessreviews-crb.yaml
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-subjectaccessreviews-cr.yaml
• bindata/cert-manager-deployment/cert-manager/cert-manager-controller-approve-cert-manager-io-crb.yaml
• bindata/cert-manager-deployment/cert-manager/cert-manager-controller-certificatesigningrequests-crb.yaml
• config/crd/bases/certificaterequests.cert-manager.io-crd.yaml
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-sa.yaml
• bundle/manifests/cert-manager.io_certificates.yaml
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-mutatingwebhookconfiguration.yaml
• config/crd/bases/orders.acme.cert-manager.io-crd.yaml
• bundle/manifests/cert-manager-operator.clusterserviceversion.yaml
• bundle/manifests/cert-manager.io_clusterissuers.yaml
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-svc.yaml
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-validatingwebhookconfiguration.yaml
• bindata/cert-manager-deployment/controller/cert-manager-controller-orders-crb.yaml
• bindata/cert-manager-deployment/cert-manager/cert-manager-controller-certificatesigningrequests-cr.yaml
• config/crd/bases/certificates.cert-manager.io-crd.yaml
• config/manager/manager.yaml
• bindata/cert-manager-deployment/controller/cert-manager-controller-certificates-crb.yaml
• bindata/cert-manager-deployment/webhook/cert-manager-webhook-deployment.yaml
• bundle/manifests/acme.cert-manager.io_orders.yaml

🔇 Additional comments (18)

bindata/cert-manager-deployment/controller/cert-manager-controller-certificates-cr.yaml (1)

9-9: Version annotation updated correctly.

The version annotation is correctly bumped from v1.18.2 to v1.18.3, consistent with the PR objective to upgrade cert-manager to v1.18.3. The RBAC rules remain unchanged and appropriate for the cert-manager controller component.

bindata/cert-manager-deployment/controller/cert-manager-sa.yaml (1)

10-10: Version label update is consistent with PR objectives.

The app.kubernetes.io/version label has been correctly updated to v1.18.3, aligning with the coordinated upstream version bump documented in the PR. The YAML structure and Kubernetes label conventions are properly maintained.

bindata/cert-manager-deployment/controller/cert-manager-controller-ingress-shim-cr.yaml (1)

9-9: Version annotation correctly bumped to v1.18.3.

The app.kubernetes.io/version annotation has been properly updated as part of the upstream cert-manager v1.18.3 release. The RBAC rules remain intact and the resource structure is unchanged.

bindata/cert-manager-deployment/webhook/cert-manager-webhook-dynamic-serving-role.yaml (1)

9-9: Version label updated correctly and verified consistent across all cert-manager manifests.

The app.kubernetes.io/version label is properly updated from v1.18.2 to v1.18.3 on line 9. Verification confirms all cert-manager deployment manifests (webhook and controller components) have been consistently updated to v1.18.3. No mixed or incomplete version updates detected. The istio-csr component remains at v0.14.2, which is expected as a separate project.

bindata/cert-manager-deployment/controller/cert-manager-svc.yaml (1)

9-9: Version label correctly updated to v1.18.3.

The app.kubernetes.io/version label update is accurate and consistent with the PR objective.

config/manifests/bases/cert-manager-operator.clusterserviceversion.yaml (1)

70-72: Description link and version reference updated correctly.

The description now accurately points to cert-manager v1.18.3. Note that the operator version itself (line 108) correctly remains at 1.18.0, which is distinct from the managed component version—this is the intended separation for operator versioning.

bindata/cert-manager-deployment/controller/cert-manager-controller-orders-cr.yaml (1)

9-9: Version label correctly bumped to v1.18.3.

The app.kubernetes.io/version label in this ClusterRole manifest is properly updated. RBAC rules remain unchanged, as expected.

bundle/manifests/cert-manager.io_issuers.yaml (1)

13-13: Version label bump looks good. The label now matches the v1.18.3 release target.

bindata/cert-manager-deployment/webhook/cert-manager-webhook-dynamic-serving-rb.yaml (1)

9-9: Webhook RBAC version updated correctly. The metadata now references v1.18.3 as expected.

images/ci/operand.Dockerfile (1)

3-3: Builder ARG aligns with v1.18.3 tag. This keeps the CI operand build sourcing the correct branch.

bindata/cert-manager-deployment/cainjector/cert-manager-cainjector-crb.yaml (1)

9-9: Cainjector CRB label updated appropriately. The metadata now reflects the v1.18.3 deployment bundle.

bindata/cert-manager-deployment/controller/cert-manager-controller-clusterissuers-crb.yaml (1)

9-9: Controller ClusterIssuer RBAC version matches upgrade. Label now points to v1.18.3.

bindata/cert-manager-deployment/cainjector/cert-manager-cainjector-sa.yaml (1)

10-10: ServiceAccount metadata updated consistently. The cainjector SA version label now aligns with v1.18.3.

go.mod (4)

6-6: LGTM! cert-manager version bump is correct.

The cert-manager dependency update from v1.18.2 to v1.18.3 aligns with the PR objectives and is consistent with the replace directive at line 301.

---

24-24: Verify compatibility of golang.org/x/ dependency updates.*

Several golang.org/x/* packages have significant version jumps (e.g., x/tools from v0.28.0 to v0.36.0). While these are indirect dependencies likely pulled in by the cert-manager upgrade or Go version bump, please ensure the build and tests pass with these updated versions.

Also applies to: 254-266

---

301-301: LGTM! Replace directive correctly updated.

The replace directive for cert-manager is correctly updated to point to github.com/openshift/jetstack-cert-manager v1.18.3, consistent with the dependency declaration at line 6.

---

305-305: LGTM! asciicheck replace directive added per previous feedback.

This replace directive addresses the previous review feedback and aligns with the golangci-lint dependency requirements.

Based on learnings

pkg/operator/assets/bindata.go (1)

1-2971: LGTM! Generated file with consistent version updates.

This is a generated file (go-bindata) containing embedded Kubernetes manifests. All version references have been consistently updated from v1.18.2 to v1.18.3 across:

• app.kubernetes.io/version labels
• Container image tags (quay.io/jetstack/cert-manager-*)
• ACME solver image references

The changes are mechanical and align with the PR objective of bumping cert-manager to v1.18.3.

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

🧩 Analysis chain

Verify Go 1.24.6 is a valid release version.

Please confirm that Go 1.24.6 is an officially released version and is the intended version for this project. As of October 2025, this version number should be validated.

---

🏁 Script executed:

#!/bin/bash
# Check if Go 1.24.6 exists
curl -s https://go.dev/dl/?mode=json | jq -r '.[].version' | grep -E '^go1\.24\.'

Length of output: 8

---

Update Go version to latest available 1.24 patch release.

Go 1.24.6 was released on August 6, 2025 with security fixes to database/sql and os/exec packages, so it is a valid version. However, Go 1.24.8 was released on October 7, 2025 with additional security fixes to multiple packages including archive/tar, crypto/tls, and crypto/x509. Consider upgrading to the latest 1.24 patch to ensure all available security updates are included.

🤖 Prompt for AI Agents

In go.mod around line 3, the module is pinned to "go 1.24.6" which is outdated;
update the go directive to the latest 1.24 patch (e.g. "go 1.24.8") to pick up
recent security fixes, then run go mod tidy (and optionally go mod download) and
rebuild/run tests to ensure dependencies and generated files are consistent with
the new toolchain.

[PillaiManish]

NA

[coderabbitai]

@PillaiManish Understood! I'll note that Go 1.24.6 will remain as the version for this PR. Let me know if you need anything else! 🐰

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

go.mod (1)

3-3: Go version 1.24.4 is outdated; consider upgrading for security patches.

Previous review flagged that Go 1.24.8 was released on October 7, 2025 with security fixes to archive/tar, crypto/tls, and crypto/x509, among others. The current pinned version (1.24.4) predates these patches. Consider upgrading to the latest available 1.24 patch to ensure all critical security updates are included.

What is the rationale for using 1.24.4 instead of a more recent 1.24.x patch? If there are no compatibility concerns with cert-manager v1.18.3 or other dependencies, consider updating to the latest available patch.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 08938bb and c3ffce3.

📒 Files selected for processing (1)

• go.mod (4 hunks)

🔇 Additional comments (3)

go.mod (3)

6-6: cert-manager dependency correctly bumped to v1.18.3.

The upgrade from v1.18.2 to v1.18.3 aligns with the PR objectives to rebase to upstream cert-manager v1.18.3.

---

301-301: Replace directive correctly routes cert-manager to openshift/jetstack-cert-manager.

The replace directive ensures the correct downstream fork (openshift/jetstack-cert-manager v1.18.3) is used instead of the upstream cert-manager package, as intended per the PR objectives.

---

305-305: asciicheck replace directive resolves previous version mismatch concern.

This replaces asciicheck with the correct version (v0.1.1) that is compatible with golangci/golangci-lint v1.50.1, addressing the concern raised in the earlier review by @bharath-b-rh.

[openshift-ci]

@PillaiManish: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-operator-tech-preview	c3ffce3	link	false	/test e2e-operator-tech-preview

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[bharath-b-rh]

/lgtm
/approve

[bharath-b-rh]

/cherrypick cert-manager-1.18

[openshift-cherrypick-robot]

@bharath-b-rh: once the present PR merges, I will cherry-pick it on top of cert-manager-1.18 in a new PR and assign it to you.

Details

In response to this:

/cherrypick cert-manager-1.18

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bharath-b-rh, PillaiManish

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [bharath-b-rh]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[lunarwhite]

Why this change is required? 0c3858d

I just tried it in an isolated GH codespace env, the rebase would also succeed without this commit 🧐

[bharath-b-rh]

github.com/tdakkota/asciicheck doesn't exist anymore. isolated GH codespace env did it have any packages in go mod cache, if so that would be the reason it worked. Building from scratch is causing failure.

[lunarwhite]

Thanks for this context! (It would be great if it was mentioned in the git commit or the PR description :P) Then we could eliminate a round of Q-and-A

isolated GH codespace env did it have any packages in go mod cache, if so that would be the reason it worked

It could also be the predefined Go proxy in the GH codespace I presume golangci/golangci-lint#6017

[lunarwhite]

Sorry I might missed some context, but why we're changing back from 1.24.6 to 1.24.4? #326 (comment)

[bharath-b-rh]

The CI golang image doesn't have 1.24.6 yet, hence had to use 1.24.4. We will do this follow up PR, when the tag becomes available.

[lunarwhite]

/label qe-approved

/retitle CM-747: release chore: Upstream bump for v1.18.3 and rebase for v1.18.0 release

[openshift-ci-robot]

@PillaiManish: This pull request references CM-747 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set.

Details

In response to this:

Rebase downstream cert-manager-operator for v1.18.0 with upstream cert-manager v1.18.3.

• Prerequisite: Downstream v1.18.3 tag is pushed and synced https://github.com/openshift/jetstack-cert-manager/tags
• Bump deps with upstream cert-manager@v1.18.3

go get github.com/cert-manager/cert-manager@v1.18.3
go mod edit -replace github.com/cert-manager/cert-manager=github.com/openshift/jetstack-cert-manager@v1.18.3
go mod tidy && go mod vendor

• Update Makefile: BUNDLE_VERSION, CERT_MANAGER_VERSION, CHANNELS

- replace CERT_MANAGER_VERSION  ->  "v1.18.3"
- * make update
* make bundle

• More manual replacements

- replace "1.18.2" -> "1.18.3" (operand)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-cherrypick-robot]

@bharath-b-rh: new pull request created: #329

Details

In response to this:

/cherrypick cert-manager-1.18

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.