Update docker images (main)

[red-hat-konflux]

This PR contains the following updates:

Package	Type	Update	Change
registry.access.redhat.com/ubi9/ubi-minimal	final	digest	44bc70e → c5478a5

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM (* 0-3 * * *)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

Flag	Coverage Δ
acceptance	53.44% <ø> (ø)
generative	16.79% <ø> (ø)
integration	27.66% <ø> (ø)
unit	69.13% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 2:38 AM UTC · Completed 2:42 AM UTC
Commit: 47d3320 · View workflow run →

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 2:12 AM UTC · Completed 2:16 AM UTC
Commit: 47d3320 · View workflow run →

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 1:39 AM UTC · Completed 1:45 AM UTC
Commit: 47d3320 · View workflow run →

[fullsend-ai-review]

See the review comment for full details.

[fullsend-ai-retro]

🤖 Finished Retro · ✅ Success · Started 9:37 PM UTC · Completed 9:41 PM UTC
Commit: 47d3320 · View workflow run →

[fullsend-ai-retro]

Retro: PR #3270 — Second retro run on autoclosed bot dependency PR

This is a duplicate retro run on the same PR that was already retrospected on June 19. PR #3270 was an automated red-hat-konflux[bot] PR bumping a Docker base image digest across 3 Dockerfiles. It sat open for 52 days with zero human interaction, was reviewed 4 times by the review agent, and was closed without merge on June 26 (likely superseded).

What happened since the last retro (June 19 → June 26)

• June 20, 24, 26: The review agent ran 3 additional times on the same commit, approving twice more then issuing CHANGES_REQUESTED on the final run (flagging a [protected-path] finding on Dockerfiles).
• June 26: PR closed without merge. This retro dispatched.

The inconsistent final verdict (3 approvals → CHANGES_REQUESTED on the same commit 47d3320) and the repeated review runs on a stale bot PR further underscore the waste identified in the previous retro.

No new proposals — all improvements already tracked

All improvement opportunities are extensively covered by existing open issues in fullsend-ai/fullsend:

• Skip bot PR reviews: #1371, #1358, #2639
• Skip retro on bot/unmerged PRs: #1630, #1411, #2461, #2176
• Deduplicate retro runs: #2401
• Skip redundant re-reviews: #1355, #1356, #1372
• Inconsistent review verdicts: #1561, #1319
• Protected-path severity for bot PRs: #2588

This PR adds another data point (now with 4 review runs + 2 retro runs on a 3-line bot PR) reinforcing the priority of these existing issues. The highest-impact items remain #1371 (skip review for bot PRs) and #2401 (deduplicate retro runs).

[fullsend-ai-review]

🤖 Review · ⚠️ Cancelled · Started 1:44 AM UTC · Ended 1:50 AM UTC
Commit: 47d3320 · View workflow run →

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 1:52 AM UTC · Completed 1:59 AM UTC
Commit: 47d3320 · View workflow run →

[fullsend-ai-review]

See the review comment for full details.

[fullsend-ai-review]

[high] protected-path

Dockerfile and Dockerfile.dist are under protected paths. The PR has no linked issue providing authorization for modifying governance/infrastructure files. While this is a mechanical base image digest update (ubi9/ubi-minimal sha256:44bc70ef → sha256:c5478a52) from an automated Renovate bot, human approval is always required for protected-path changes.

Suggested fix: A human reviewer with write access should verify the digest update is expected and approve the PR. No code changes are needed.