Improve 8.x Dependency Updates

.ci/updatecli/updatecli.d/update-beats.yml

@@ -16,7 +16,7 @@ scms:
 
 actions:
   default:
-    title: '[updatecli] Update to elastic/beats@{{ source "beats" }}'
+    title: '[updatecli] {{ requiredEnv "GIT_BRANCH" }} - Update to elastic/beats@{{ source "beats" }}'
     kind: github/pullrequest
     scmid: default
     spec:

.ci/updatecli/updatecli.d/update-golang.yml

@@ -16,16 +16,16 @@ scms:
 
 actions:
   cloudbeat:
-    title: '[updatecli] Update Golang version to {{ source "latestGoVersion" }}'
+    title: '[updatecli] {{ requiredEnv "GIT_BRANCH" }} - Update Golang version to {{ source "latestGoVersion" }}'
     kind: github/pullrequest
     scmid: default
     sourceid: latestGoVersion
     spec:
       automerge: false
       labels:
         - automation
+        - backport-skip
         - dependency
-        - backport-v8.x
         - go
       description: |-
         ### What

.ci/updatecli/updatecli.d/update-hermit.yml

@@ -16,14 +16,14 @@ scms:
 
 actions:
   default:
-    title: '[updatecli] Update hermit and pre-commit dependencies'
+    title: '[updatecli] {{ requiredEnv "GIT_BRANCH" }} - Update hermit and pre-commit dependencies'
     kind: github/pullrequest
     scmid: default
     spec:
       automerge: false
       labels:
         - automation
-        - backport-v8.x
+        - backport-skip
         - dependency
       description: |-
         ### What

.ci/updatecli/updatecli.d/update-mods.yml

@@ -16,14 +16,14 @@ scms:
 
 actions:
   default:
-    title: '[updatecli] Update golang mod dependencies'
+    title: '[updatecli] {{ requiredEnv "GIT_BRANCH" }} - Update golang mod dependencies'
     kind: github/pullrequest
     scmid: default
     spec:
       automerge: false
       labels:
         - automation
-        - backport-v8.x
+        - backport-skip
         - dependency
         - go
       description: |-

.github/dependabot.yml

@@ -26,24 +26,77 @@ updates:
         patterns:
           - "github.com/aquasecurity/*"
     labels:
-      - "backport-v8.x"
       - "dependency"
       - "go"
-    open-pull-requests-limit: 10
+    open-pull-requests-limit: 2
     # elastic/beats is using v7 in their go.mod, leading to automatic updates not working. Manual update is needed with
     # go get -u github.com/elastic/beats/v7@<commit sha>
     ignore:
       - dependency-name: "github.com/elastic/beats/v7"
     schedule:
       interval: "monthly"
 
+  - package-ecosystem: "gomod"
+    target-branch: "8.x"
+    directory: "/"
+    groups:
+      azure:
+        patterns:
+          - "github.com/Azure/*"
+      aws:
+        patterns:
+          - "github.com/aws/*"
+      google:
+        patterns:
+          - "cloud.google.com/*"
+          - "google.golang.org/api"
+      elastic:
+        patterns:
+          - "github.com/elastic/*"
+      k8s:
+        patterns:
+          - "k8s.io/*"
+      trivy:
+        patterns:
+          - "github.com/aquasecurity/*"
+    labels:
+      - "dependency"
+      - "go"
+    open-pull-requests-limit: 2
+    # elastic/beats is using v7 in their go.mod, leading to automatic updates not working. Manual update is needed with
+    # go get -u github.com/elastic/beats/v7@<commit sha>
+    ignore:
+      - dependency-name: "github.com/elastic/beats/v7"
+    schedule:
+      interval: "monthly"
+
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: ".github/workflows"
+    schedule:
+      interval: "monthly"
+    labels:
+      - "dependency"
+      - "github_actions"
+    groups:
+      artifact:
+        patterns:
+        - "actions/download-artifact"
+        - "actions/upload-artifact"
+    ignore:
+        # Skip versions 4.x upload-artifact and download-artifact due to this issue: https://github.com/actions/upload-artifact/issues/478
+      - dependency-name: "actions/download-artifact"
+        versions: [">=4.0.0"]
+      - dependency-name: "actions/upload-artifact"
+        versions: [">=4.0.0"]
+
   # Maintain dependencies for GitHub Actions
   - package-ecosystem: "github-actions"
     directory: ".github/workflows"
+    target-branch: "8.x"
     schedule:
       interval: "monthly"
     labels:
-      - "backport-v8.x"
       - "dependency"
       - "github_actions"
     groups:

.github/workflows/updatecli.yml

@@ -43,12 +43,13 @@ env:
 
 jobs:
   updatecli:
-    name: Update ${{ matrix.pipeline-name }} dependencies
+    name: "[${{ matrix.git-branch }}] Update ${{ matrix.pipeline-name }} dependencies"
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
         pipeline-name: [ beats, golang, hermit, mods ]
+        git-branch: [ main, 8.x ]
     steps:
       - uses: actions/checkout@v4
       - name: Init Hermit
@@ -58,7 +59,7 @@ jobs:
       - name: Run Updatecli in Apply mode
         run: updatecli apply --config .ci/updatecli/updatecli.d/update-${{ matrix.pipeline-name }}.yml --values .ci/updatecli/values.yml
         env:
-          GIT_BRANCH: main
+          GIT_BRANCH: ${{ matrix.git-branch }}
           GIT_USER: "Cloud Security Machine"
           GITHUB_TOKEN: ${{ secrets.CLOUDSEC_MACHINE_TOKEN }}