Configure Renovate

[renovate]

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

---

Detected Package Files

• Dockerfile (dockerfile)
• .github/workflows/_reusable-build-changed.yaml (github-actions)
• .github/workflows/_reusable-manifests.yaml (github-actions)
• .github/workflows/build-and-release.yaml (github-actions)
• api/go.mod (gomod)
• go.mod (gomod)
• pkg/cluster-handler/go.mod (gomod)
• pkg/data-handler/go.mod (gomod)
• pkg/resource-handler/go.mod (gomod)
• config/manager/kustomization.yaml (kustomize)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding PR is merged
• Hopefully safe environment variables to allow users to configure.
• Show all Merge Confidence badges for pull requests.
• Enable Renovate Dependency Dashboard creation.
• Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
• Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
• Group known monorepo packages together.
• Use curated list of recommended non-monorepo package groupings.
• Show only the Age and Confidence Merge Confidence badges for pull requests.
• Apply crowd-sourced package replacement rules.
• Apply crowd-sourced workarounds for known problems with packages.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

---

What to Expect

With your current configuration, Renovate will create 15 Pull Requests:

Update github.com/numtide/multigres-operator/api digest to 4d8b69e

• Schedule: ["at any time"]
• Branch name: renovate/github.1485827954.workers.dev-numtide-multigres-operator-api-digest
• Merge into: main
• Upgrade github.com/numtide/multigres-operator/api to 4d8b69ea475b

Update github.com/numtide/multigres-operator/pkg/resource-handler digest to 201167d

• Schedule: ["at any time"]
• Branch name: renovate/github.1485827954.workers.dev-numtide-multigres-operator-pkg-resource-handler-digest
• Merge into: main
• Upgrade github.com/numtide/multigres-operator/pkg/resource-handler to 201167da16d0

Update k8s.io/utils digest to bc988d5

• Schedule: ["at any time"]
• Branch name: renovate/k8s.io-utils-digest
• Merge into: main
• Upgrade k8s.io/utils to bc988d571ff4

Update actions/checkout action to v5.0.1

• Schedule: ["at any time"]
• Branch name: renovate/actions-checkout-5.x
• Merge into: main
• Upgrade actions/checkout to 93cb6efe18208431cddfb8368fd83d5badbf9bfd

Update actions/dependency-review-action action to v4.8.2

• Schedule: ["at any time"]
• Branch name: renovate/actions-dependency-review-action-4.x
• Merge into: main
• Upgrade actions/dependency-review-action to 3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261

Update golang Docker tag to v1.25.4

• Schedule: ["at any time"]
• Branch name: renovate/golang-1.x
• Merge into: main
• Upgrade golang to 1.25.4-alpine3.22

Update kubernetes packages to v0.34.2

• Schedule: ["at any time"]
• Branch name: renovate/kubernetes-go
• Merge into: main
• Upgrade k8s.io/api to v0.34.2
• Upgrade k8s.io/apimachinery to v0.34.2
• Upgrade k8s.io/client-go to v0.34.2

Update module sigs.k8s.io/controller-runtime to v0.22.4

• Schedule: ["at any time"]
• Branch name: renovate/sigs.k8s.io-controller-runtime-0.x
• Merge into: main
• Upgrade sigs.k8s.io/controller-runtime to v0.22.4

Update actions/setup-go action to v6.1.0

• Schedule: ["at any time"]
• Branch name: renovate/actions-setup-go-6.x
• Merge into: main
• Upgrade actions/setup-go to 4dc6199c7b1a012772edbd06daecab0f50c9053c

Update anchore/scan-action action to v7.2.0

• Schedule: ["at any time"]
• Branch name: renovate/anchore-scan-action-7.x
• Merge into: main
• Upgrade anchore/scan-action to 3aaf50d765cfcceafa51d322ccb790e40f6cd8c5

Update docker/setup-docker-action action to v4.5.0

• Schedule: ["at any time"]
• Branch name: renovate/docker-setup-docker-action-4.x
• Merge into: main
• Upgrade docker/setup-docker-action to efe9e3891a4f7307e689f2100b33a155b900a608

Update docker/setup-qemu-action action to v3.7.0

• Schedule: ["at any time"]
• Branch name: renovate/docker-setup-qemu-action-3.x
• Merge into: main
• Upgrade docker/setup-qemu-action to c7c53464625b32c7a7e944ae62b3e17d2b600130

Update github/codeql-action action to v4.31.4

• Schedule: ["at any time"]
• Branch name: renovate/github-codeql-action-4.x
• Merge into: main
• Upgrade github/codeql-action to e12f0178983d466f2f6028f5cc7a6d786fd97f4b

Update actions/checkout action to v6

• Schedule: ["at any time"]
• Branch name: renovate/actions-checkout-6.x
• Merge into: main
• Upgrade actions/checkout to 1af3b93b6815bc44a9784bd300feb67ff0d1eeb3

Update golangci/golangci-lint-action action to v9

• Schedule: ["at any time"]
• Branch name: renovate/golangci-golangci-lint-action-9.x
• Merge into: main
• Upgrade golangci/golangci-lint-action to e7fa5ac41e1cf5b7d48e45e42232ce7ada589601

🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prhourlylimit for details.

---

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

---

This PR was generated by Mend Renovate. View the repository job log.

[rcambrj]

I'm wondering about the github.com/numtide/multigres-operator/* package upgrades. We should indeed set pre-commit and/or pipeline checks (as you mentioned @rytswd), but it'll be nice to have a reminder, should they fail.

I also wonder about:

Update actions/dependency-review-action action to v4.8.1

Because I don't know whether it'll update using the locked hash method.

I think it's worth enabling this plugin then judging its usefulness and further configuring it once it opens some PRs.