Improve 8.x Dependency Updates (#2691)

* Add dependabot update for branch 8.x * Add updatecli update for branch 8.x * Add 8.x branch for package-ecosystem * Remove backport labels * Improve naming to identify branches (cherry picked from commit 7ffa27b) # Conflicts: # .ci/updatecli/updatecli.d/update-golang.yml # .github/dependabot.yml
elastic · Nov 13, 2024 · c5f8622 · c5f8622
1 parent f6601ca
commit c5f8622
Show file tree

Hide file tree

Showing 6 changed files with 73 additions and 7 deletions.
diff --git a/.ci/updatecli/updatecli.d/update-beats.yml b/.ci/updatecli/updatecli.d/update-beats.yml
@@ -16,7 +16,7 @@ scms:
 
 actions:
   default:
-    title: '[updatecli] Update to elastic/beats@{{ source "beats" }}'
+    title: '[updatecli] {{ requiredEnv "GIT_BRANCH" }} - Update to elastic/beats@{{ source "beats" }}'
     kind: github/pullrequest
     scmid: default
     spec:

diff --git a/.ci/updatecli/updatecli.d/update-golang.yml b/.ci/updatecli/updatecli.d/update-golang.yml
@@ -16,16 +16,20 @@ scms:
 
 actions:
   cloudbeat:
-    title: '[updatecli] Update Golang version to {{ source "latestGoVersion" }}'
+    title: '[updatecli] {{ requiredEnv "GIT_BRANCH" }} - Update Golang version to {{ source "latestGoVersion" }}'
     kind: github/pullrequest
     scmid: default
     sourceid: latestGoVersion
     spec:
       automerge: false
       labels:
         - automation
+        - backport-skip
         - dependency
+<<<<<<< HEAD
         - backport-skip
+=======
+>>>>>>> 7ffa27b7 (Improve 8.x Dependency Updates (#2691))
         - go
       description: |-
         ### What

diff --git a/.ci/updatecli/updatecli.d/update-hermit.yml b/.ci/updatecli/updatecli.d/update-hermit.yml
@@ -16,7 +16,7 @@ scms:
 
 actions:
   default:
-    title: '[updatecli] Update hermit and pre-commit dependencies'
+    title: '[updatecli] {{ requiredEnv "GIT_BRANCH" }} - Update hermit and pre-commit dependencies'
     kind: github/pullrequest
     scmid: default
     spec:

diff --git a/.ci/updatecli/updatecli.d/update-mods.yml b/.ci/updatecli/updatecli.d/update-mods.yml
@@ -16,7 +16,7 @@ scms:
 
 actions:
   default:
-    title: '[updatecli] Update golang mod dependencies'
+    title: '[updatecli] {{ requiredEnv "GIT_BRANCH" }} - Update golang mod dependencies'
     kind: github/pullrequest
     scmid: default
     spec:

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -26,10 +26,47 @@ updates:
         patterns:
           - "github.com/aquasecurity/*"
     labels:
+<<<<<<< HEAD
       - "backport-skip"
+=======
+>>>>>>> 7ffa27b7 (Improve 8.x Dependency Updates (#2691))
       - "dependency"
       - "go"
-    open-pull-requests-limit: 10
+    open-pull-requests-limit: 2
+    # elastic/beats is using v7 in their go.mod, leading to automatic updates not working. Manual update is needed with
+    # go get -u github.com/elastic/beats/v7@<commit sha>
+    ignore:
+      - dependency-name: "github.com/elastic/beats/v7"
+    schedule:
+      interval: "monthly"
+
+  - package-ecosystem: "gomod"
+    target-branch: "8.x"
+    directory: "/"
+    groups:
+      azure:
+        patterns:
+          - "github.com/Azure/*"
+      aws:
+        patterns:
+          - "github.com/aws/*"
+      google:
+        patterns:
+          - "cloud.google.com/*"
+          - "google.golang.org/api"
+      elastic:
+        patterns:
+          - "github.com/elastic/*"
+      k8s:
+        patterns:
+          - "k8s.io/*"
+      trivy:
+        patterns:
+          - "github.com/aquasecurity/*"
+    labels:
+      - "dependency"
+      - "go"
+    open-pull-requests-limit: 2
     # elastic/beats is using v7 in their go.mod, leading to automatic updates not working. Manual update is needed with
     # go get -u github.com/elastic/beats/v7@<commit sha>
     ignore:
@@ -43,7 +80,31 @@ updates:
     schedule:
       interval: "monthly"
     labels:
+<<<<<<< HEAD
       - "backport-skip"
+=======
+      - "dependency"
+      - "github_actions"
+    groups:
+      artifact:
+        patterns:
+        - "actions/download-artifact"
+        - "actions/upload-artifact"
+    ignore:
+        # Skip versions 4.x upload-artifact and download-artifact due to this issue: https://github.com/actions/upload-artifact/issues/478
+      - dependency-name: "actions/download-artifact"
+        versions: [">=4.0.0"]
+      - dependency-name: "actions/upload-artifact"
+        versions: [">=4.0.0"]
+
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: ".github/workflows"
+    target-branch: "8.x"
+    schedule:
+      interval: "monthly"
+    labels:
+>>>>>>> 7ffa27b7 (Improve 8.x Dependency Updates (#2691))
       - "dependency"
       - "github_actions"
     groups:

diff --git a/.github/workflows/updatecli.yml b/.github/workflows/updatecli.yml
@@ -43,12 +43,13 @@ env:
 
 jobs:
   updatecli:
-    name: Update ${{ matrix.pipeline-name }} dependencies
+    name: "[${{ matrix.git-branch }}] Update ${{ matrix.pipeline-name }} dependencies"
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
         pipeline-name: [ beats, golang, hermit, mods ]
+        git-branch: [ main, 8.x ]
     steps:
       - uses: actions/checkout@v4
       - name: Init Hermit
@@ -58,7 +59,7 @@ jobs:
       - name: Run Updatecli in Apply mode
         run: updatecli apply --config .ci/updatecli/updatecli.d/update-${{ matrix.pipeline-name }}.yml --values .ci/updatecli/values.yml
         env:
-          GIT_BRANCH: main
+          GIT_BRANCH: ${{ matrix.git-branch }}
           GIT_USER: "Cloud Security Machine"
           GITHUB_TOKEN: ${{ secrets.CLOUDSEC_MACHINE_TOKEN }}