NO-JIRA: Update Dockerfile.dev to use latest base images

[rhamilto]

Summary

• Update Dockerfile.dev to use OpenShift 4.22 base images with Go 1.25
• Aligns with the main Dockerfile for consistency

Changes

• Builder image: rhel-9-golang-1.23-openshift-4.20 → rhel-9-golang-1.25-openshift-4.22
• Runtime image: ocp/4.20:base-rhel9 → ocp/builder:rhel-9-base-nodejs-openshift-4.22

Test plan

• Verify Dockerfile.dev builds successfully with updated images
• Confirm runtime container starts correctly

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Updated build environment with the latest development tools and platform versions to ensure improved performance and enhanced compatibility.
  • Upgraded runtime base image with an enhanced Node.js toolchain to improve application stability, strengthen security, and support better deployment practices.

[coderabbitai]

📝 Walkthrough

Walkthrough

The Dockerfile.dev has been updated to advance the build and runtime environments for OpenShift Console. The builder stage now uses Go 1.25 with OpenShift 4.22 instead of Go 1.23 with 4.20. The final runtime image shifts from a minimal base-rhel9 to a Node.js-equipped image also targeting OpenShift 4.22. These changes modernize the toolchain versions for both backend compilation and container execution while preserving existing artifact handling and container configuration directives.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@Dockerfile.dev`:
- Line 8: Change the final stage base image from the Node.js variant to the
minimal production base by replacing the FROM image reference
"registry.ci.openshift.org/ocp/builder:rhel-9-base-nodejs-openshift-4.22" with
the minimal runtime base used in production (e.g.,
"registry.ci.openshift.org/ocp/builder:base-rhel9"); ensure the stage still
copies the Go binary (/opt/bridge/bin/bridge) and static frontend assets and
remove any leftover Node-specific install/copy steps so the resulting dev image
mirrors the production minimal runtime.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 707ffb37-3d3d-4d94-b1e4-c2bac628b2c9

📥 Commits

Reviewing files that changed from the base of the PR and between 62dd642 and be722fd.

📒 Files selected for processing (1)

• Dockerfile.dev

📜 Review details

🧰 Additional context used

📓 Path-based instructions (1)

**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

• Dockerfile.dev

🪛 Hadolint (2.14.0)

Dockerfile.dev

[error] 4-4: Use COPY instead of ADD for files and folders

(DL3020)

🔀 Multi-repo context openshift/console-operator

openshift/console-operator findings

• Dockerfile.ocp uses the same newer builder/runtime images (Go 1.25, OpenShift 4.22):

  • Dockerfile.ocp:1 (FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.25-openshift-4.22) and Dockerfile.ocp:8 (FROM registry.ci.openshift.org/ocp/4.22:base-rhel9) [::openshift/console-operator::Dockerfile.ocp]

• CI/operator config already targets 4.22/golang-1.25 in repo metadata:

  • .ci-operator.yaml:4 (tag: rhel-9-release-golang-1.25-openshift-4.22) [::openshift/console-operator::.ci-operator.yaml]
  • vendor/github.com/openshift/api/Dockerfile.ocp and vendor/.../.ci-operator.yaml also reference rhel-9-golang-1.25 / ocp 4.22 [::openshift/console-operator::vendor/github.com/openshift/api/Dockerfile.ocp] and [::openshift/console-operator::vendor/github.com/openshift/api/.ci-operator.yaml]

• No occurrences of a Dockerfile.dev or the exact runtime image registry.ci.openshift.org/ocp/builder:rhel-9-base-nodejs-openshift-4.22 were found in this repository (search returned no Dockerfile.dev matches). If the PR is limited to openshift/console's Dockerfile.dev, this repo has no direct Dockerfile.dev consumer to update. [::openshift/console-operator::search results]

Conclusion: This repository already uses the updated builder/runtime (Go 1.25 / OCP 4.22) in its Dockerfile.ocp and CI metadata; I found no direct references to Dockerfile.dev or the nodejs runtime image in this repo.

🔇 Additional comments (1)

Dockerfile.dev (1)

2-2: LGTM: Builder image upgrade aligns with go.mod and production.

The Go 1.25 builder matches the go 1.25.7 directive in go.mod, and the OpenShift 4.22 target aligns with the production Dockerfile and console-operator repo. This keeps the dev environment consistent with the build toolchain.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check if Dockerfile.dev or related dev tooling references Node.js at runtime

# Search for any runtime Node.js usage in dev docs or scripts
rg -n --type=md --type=sh -i 'dockerfile\.dev.*node' 

# Check if dev scripts expect Node.js in the running container
rg -n --type=sh 'docker.*run.*Dockerfile\.dev|podman.*run.*Dockerfile\.dev' -A 5 | rg -i 'npm|node|yarn'

# Compare runtime images between Dockerfile and Dockerfile.dev
echo "=== Production Dockerfile runtime ==="
rg -n '^FROM.*' Dockerfile | tail -1

echo "=== Dockerfile.dev runtime ==="
rg -n '^FROM.*' Dockerfile.dev | tail -1

Repository: openshift/console

Length of output: 262

---

🏁 Script executed:

#!/bin/bash
# Read the full Dockerfile.dev to understand Node.js usage
cat -n Dockerfile.dev | head -60

Repository: openshift/console

Length of output: 825

---

🏁 Script executed:

#!/bin/bash
# Check production Dockerfile runtime stage and any related context
echo "=== Production Dockerfile context around runtime stage ==="
sed -n '55,65p' Dockerfile

echo ""
echo "=== Check if there's dev workflow documentation ==="
rg -i 'dockerfile\.dev|dev.*runtime|node.*runtime' --type=md | head -20

echo ""
echo "=== Verify what's in the final stage - any Node.js references? ==="
sed -n '8,15p' Dockerfile.dev

Repository: openshift/console

Length of output: 2365

---

🏁 Script executed:

#!/bin/bash
# Check README or CONTRIBUTING for any mention of Dockerfile.dev dev workflow
echo "=== README mentions of Dockerfile.dev ==="
rg -n 'Dockerfile\.dev' README.md -B 2 -A 5

echo ""
echo "=== CONTRIBUTING docs ==="
if [ -f CONTRIBUTING.md ]; then
  rg -n -i 'docker|dev.*setup|runtime' CONTRIBUTING.md | head -20
else
  echo "No CONTRIBUTING.md found"
fi

Repository: openshift/console

Length of output: 593

---

Remove unnecessary Node.js from the dev runtime — align with production's minimal base.

Dockerfile.dev's final stage uses rhel-9-base-nodejs-openshift-4.22, but the container only executes the Go binary (/opt/bridge/bin/bridge) and serves pre-built frontend assets. Node.js isn't invoked.

This introduces security and efficiency concerns:

• Expanded attack surface: Unnecessary binaries and runtime libraries that the application never uses.
• Image bloat: Node.js adds hundreds of MB without benefit.
• Production divergence: The production Dockerfile uses minimal base-rhel9, not the nodejs variant, for the identical runtime workload.

Switch to the minimal base image to match production:

Suggested change

-FROM registry.ci.openshift.org/ocp/builder:rhel-9-base-nodejs-openshift-4.22
+FROM registry.ci.openshift.org/ocp/4.22:base-rhel9

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	FROM registry.ci.openshift.org/ocp/builder:rhel-9-base-nodejs-openshift-4.22
	FROM registry.ci.openshift.org/ocp/4.22:base-rhel9

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Dockerfile.dev` at line 8, Change the final stage base image from the Node.js
variant to the minimal production base by replacing the FROM image reference
"registry.ci.openshift.org/ocp/builder:rhel-9-base-nodejs-openshift-4.22" with
the minimal runtime base used in production (e.g.,
"registry.ci.openshift.org/ocp/builder:base-rhel9"); ensure the stage still
copies the Go binary (/opt/bridge/bin/bridge) and static frontend assets and
remove any leftover Node-specific install/copy steps so the resulting dev image
mirrors the production minimal runtime.

[logonoff]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: logonoff, rhamilto

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [rhamilto]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@rhamilto: This pull request explicitly references no jira issue.

Details

In response to this:

Summary

• Update Dockerfile.dev to use OpenShift 4.22 base images with Go 1.25
• Aligns with the main Dockerfile for consistency

Changes

• Builder image: rhel-9-golang-1.23-openshift-4.20 → rhel-9-golang-1.25-openshift-4.22
• Runtime image: ocp/4.20:base-rhel9 → ocp/builder:rhel-9-base-nodejs-openshift-4.22

Test plan

• Verify Dockerfile.dev builds successfully with updated images
• Confirm runtime container starts correctly

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
• Updated build environment with the latest development tools and platform versions to ensure improved performance and enhanced compatibility.
• Upgraded runtime base image with an enhanced Node.js toolchain to improve application stability, strengthen security, and support better deployment practices.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[logonoff]

/verified by CI

[openshift-ci-robot]

@logonoff: This PR has been marked as verified by CI.

Details

In response to this:

/verified by CI

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 12d651d and 2 for PR HEAD be722fd in total

[rhamilto]

/retest

[rhamilto]

/retest

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD d50b991 and 1 for PR HEAD be722fd in total

[openshift-ci]

@rhamilto: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-gcp-console	be722fd	link	true	/test e2e-gcp-console

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 4dde711 and 0 for PR HEAD be722fd in total