chore: prepare omni with talos v1.13.0-beta

[oguzkilcan]

Prepare omni with talos v1.13.0-beta

[claude]

Claude Code Review

This pull request is from a fork — automated review is disabled. A repository maintainer can comment @claude review to run a one-time review.

[Copilot]

Pull request overview

Prepares Omni for Talos v1.13.0-beta by bumping default/test Talos versions, adding the v1.13 config schema, and switching container linting from govulncheck to dis-vulncheck.

Changes:

• Bump Talos default and integration-test versions to 1.13.0-beta.* (and stable baseline to 1.12.6).
• Add Talos v1.13.0-beta.1 config schema download and wiring for frontend schema generation.
• Replace hack/govulncheck.sh usage in Docker lint targets with dis-vulncheck and add build arg/version pinning.

Reviewed changes

Copilot reviewed 10 out of 11 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
Makefile	Adds DIS_VULNCHECK_VERSION build arg to support dis-vulncheck installation in Docker builds.
internal/pkg/constants/versions.go	Updates Talos versions used by integration tests (default/stable/another).
hack/test/common.sh	Updates Talos versions used by test harness env vars.
frontend/src/api/resources.ts	Updates frontend default Talos version constant to 1.13.0-beta.1.
frontend/src/api/google/rpc/status.proto	Updates header year and removes cc_enable_arenas option.
frontend/src/api/google/rpc/code.proto	Updates header year.
Dockerfile	Installs dis-vulncheck, adds Talos v1.13 schema fetch, and switches lint stages to dis-vulncheck.
client/pkg/constants/constants.go	Updates DefaultTalosVersion used by UI/default image/tests.
.kres.yaml	Adds Talos v1.13 schema source for generated frontend schema artifacts.
.dockerignore	Updates generated header and allowlist entries (currently duplicated / includes missing file reference).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

.dockerignore now contains duplicate allowlist entries (!hack/govulncheck.sh and !.disvulncheck.yaml are each listed twice). This is noisy and can make future edits/error diagnosis harder; please dedupe the entries (keep each path only once).

Suggested change

	!hack/govulncheck.sh
	!.disvulncheck.yaml

[Copilot]

The lint stages still say “runs govulncheck”, but they now execute dis-vulncheck. Please update the comments (and/or stage names, if feasible) so the Dockerfile accurately reflects what the targets do.

[Copilot]

govulncheck is still being installed into the tools image, but the lint-govulncheck* targets now invoke dis-vulncheck -tool=false, so govulncheck appears unused. Consider removing the govulncheck@latest install (or switching dis-vulncheck to use it) to reduce build time and image size.

Suggested change

	RUN --mount=type=cache,target=/root/.cache/go-build,id=omni/root/.cache/go-build --mount=type=cache,target=/go/pkg,id=omni/go/pkg go install golang.org/x/vuln/cmd/govulncheck@latest \
	&& mv /go/bin/govulncheck /bin/govulncheck

[Copilot]

.dockerignore allowlists !.disvulncheck.yaml, but that file doesn’t appear to exist in the repo. If a config file is intended for dis-vulncheck, please add it; otherwise remove these allowlist entries to avoid dead references.

Suggested change

	!.disvulncheck.yaml
	!hack/govulncheck.sh
	!.disvulncheck.yaml
	!hack/govulncheck.sh