// Upgrades Go version across the entire Chainloop codebase including source files, Docker images, CI/CD workflows, and documentation. Use when the user mentions upgrading Go, golang version, or updating Go compiler version.
Reviews vulnerability policy violations for the chainloop project recorded in Chainloop and performs fixes in Dockerfiles or go.mod. Use when asked to fix vulnerabilities, review CVEs, or remediate security issues in chainloop.
Reviews open Dependabot pull requests, assesses their risk level based on version bump type and CI status, approves low-risk PRs, and merges them. Use when asked to process, review, merge, or triage Dependabot PRs.
Create a custom builtin function to be used in the Rego policy engine
Upgrades Helm chart dependencies (PostgreSQL, Vault) in the Chainloop project, including vendorized charts, container images, and CI/CD workflows. Use when the user mentions upgrading Helm charts, Bitnami dependencies, PostgreSQL chart, or Vault chart. CRITICAL - Major version upgrades are FORBIDDEN and must be escalated.
| name | upgrading-golang |
| description | Upgrades Go version across the entire Chainloop codebase including source files, Docker images, CI/CD workflows, and documentation. Use when the user mentions upgrading Go, golang version, or updating Go compiler version. |
This skill automates the comprehensive Go version upgrade process across all components of the Chainloop project.
Ask the user:
Pull the official golang Docker image and extract its SHA256 digest:
docker pull golang:X.XX.X
Extract the SHA256 digest from the output (format: sha256:abc123...).
Update the go directive in:
./go.modIMPORTANT: Do NOT update ./extras/dagger/go.mod per project policy.
Pattern to replace:
go X.XX.X
Update all Dockerfiles with the new version and SHA256 digest. See files-to-update.md for the complete list.
Pattern to replace:
FROM golang:X.XX.X@sha256:OLD_DIGEST AS builder
With:
FROM golang:X.XX.X@sha256:NEW_DIGEST AS builder
Update the version reference in ./CLAUDE.md under "Key Technologies":
- **Language**: Go X.XX.X. To know how to upgrade go version, see docs/runbooks
If the user requested an Atlas upgrade:
6a. Pull the Atlas Docker image and extract its SHA256 digest:
docker pull arigaio/atlas:X.XX.X
Extract the SHA256 digest from the output (format: sha256:abc123...).
6b. Update ./app/controlplane/Dockerfile.migrations:
Pattern to replace:
# from: arigaio/atlas:X.XX.X
# docker run arigaio/atlas@sha256:OLD_DIGEST version
# atlas version vX.XX.X
FROM arigaio/atlas@sha256:OLD_DIGEST as base
With:
# from: arigaio/atlas:X.XX.X
# docker run arigaio/atlas@sha256:NEW_DIGEST version
# atlas version vX.XX.X
FROM arigaio/atlas@sha256:NEW_DIGEST as base
7c. Update ./common.mk for make init:
IMPORTANT: Before updating the version in common.mk, ALWAYS test that the Atlas version is available via the curl command:
curl -sSf https://atlasgo.sh | ATLAS_VERSION=vX.XX.X sh -s -- --version
If the command fails or the version is not available, do NOT update common.mk. Only the Docker image should be updated in this case.
Update the Atlas CLI installation version in the init target:
Pattern to replace:
curl -sSf https://atlasgo.sh | ATLAS_VERSION=vX.XX.X sh -s -- -y
With the new version (note: use v prefix for the version):
curl -sSf https://atlasgo.sh | ATLAS_VERSION=vX.XX.X sh -s -- -y
Run verification commands:
make test
make lint
If errors occur, address them before completing the upgrade.
buf format -w if any proto files were affectedwire ./... if any constructor dependencies changedgo.mod changes with go mod tidy./extras/dagger/go.mod) must NOT be updated