This user story focuses on implementing dependency management for the external-dns-operator and external-dns repositories. We are specifically interested in two types of dependencies: Go modules and Containerfile base/builder images.

For Go module management:

• Go module updates should be automatically handled by Konflux's MintMaker, but only for the external-dns-operator repository.
• The external-dns repository should continue receiving Go module updates via regular upstream rebases.
• Applying automatic Go module updates to external-dns may lead to unresolvable rebase conflicts and is therefore not desired.
• We are only interested in Go module updates that address known CVEs. Frequent updates to all modules introduce excessive noise and risk and should be avoided.

For Containerfile management:

• Base and builder image updates should be applied regularly.
• We need to explore options to restrict updates to specific major/minor versions, avoiding unwanted automatic migrations.
• In particular, RHEL major version migrations and minor Go version updates should not be performed automatically through MintMaker.

Acceptance criteria

• Base and builder images of external-dns-operator are updated to the latest RHEL9/Golang available.
• Gomod dependencies of external-dns-operator don't have critical or high CVEs.
• Base and builder images of external-dns are updated to the latest RHEL9/Golang available.
• Clair, ClamAV and deprecated-base-image checks of the build pipelines are green for both external-dns-operator and external-dns.

Useful links

• Konflux documentation: dependency management.
• Example of go module updates limited to CVE: PR (potential problem with go mod commands).
• Example of go module updates disabled: PR.