ROSA-745: sync dependabot and MintMaker gomod config

[MitaliBhalla]

Summary

Config-only ROSA-745 (not make boilerplate-update):

• .github/dependabot.yml — docker-only /build, weekly Mon 03:00 UTC, lgtm/approved, ignores from build/ (boilerplate #748)
• .github/renovate.json — enabledManagers: [tekton, gomod]; rules inherited via extends openshift/boilerplate

No boilerplate/_data/last-boilerplate-commit change — renovate extends uses live boilerplate.

Test plan

• CI green (prow + Konflux)
• MintMaker Dependency Dashboard shows gomod after merge

Jira: ROSA-745

[openshift-ci-robot]

@MitaliBhalla: This pull request references ROSA-745 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the initiative to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Summary

• make boilerplate-update for latest boilerplate dependency automation config
• Sync .github/dependabot.yml (docker-only, weekly Mon 03:00 UTC, lgtm/approved)
• Enable MintMaker gomod via enabledManagers in .github/renovate.json

Test plan

• CI green (prow + Konflux)
• Dependabot opens docker PRs with lgtm/approved after merge
• MintMaker Dependency Dashboard shows gomod

Jira: ROSA-745

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Walkthrough

Updates repository automation and documentation: Dependabot labels and schedule, Renovate managers, pre-commit quick-start comments, two OWNERS_ALIASES removals, and reformatting of the DeadmansSnitchIntegration CRD schema descriptions.

Changes

Repository Configuration and Team Updates

Layer / File(s)	Summary
Dependency automation .github/dependabot.yml	Added Dependabot PR labels lgtm, approved and made the weekly schedule explicit (day: monday, time: 03:00, timezone: UTC).
Renovate managers .github/renovate.json	Added enabledManagers array enabling tekton and gomod.
Pre-commit quick start docs .pre-commit-config.yaml	Expanded the installation quick-start (including uv workflow and pinned pre-commit==4.6.0) and updated the git-blame ignore-revs comment; hook configs unchanged.
Team membership updates OWNERS_ALIASES	Removed devppratik from srep-functional-team-hulk and iamkirkbater from srep-team-leads.
CRD schema formatting deploy_pko/CustomResourceDefinition-deadmanssnitchintegrations.deadmanssnitch.managed.openshift.io.yaml	Reformatted OpenAPI schema description strings to YAML block scalars and added a trivial leading blank line; schema semantics and identity unchanged.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error)

Check name	Status	Explanation	Resolution
Ote Binary Stdout Contract	❌ Error	fips.go (package main) has init() calling fmt.Println to stdout, which violates the OTE JSON-on-stdout contract by emitting non-JSON stdout before tests.	Replace fmt.Println in init() with a stderr write (e.g., fmt.Fprintln(os.Stderr,...)) or otherwise ensure all logging/prints go to stderr so main stdout stays JSON-only.

✅ Passed checks (14 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	No Ginkgo tests detected: repo has 0 occurrences of “ginkgo” in Go files and none of It/Describe/Context/When. PR changes are YAML/JSON/CRD/OWNERS config only.
Test Structure And Quality	✅ Passed	PR’s changed *_test.go files use Go’s testing/testify only; no Ginkgo code found (no ginkgo imports/BeforeEach/Eventually/Consistently). Check not applicable.
Microshift Test Compatibility	✅ Passed	git diff --name-only master..HEAD shows only config/boilerplate/CRD YAML changes—no Go/Ginkgo e2e *_test.go files added, so no MicroShift compatibility issue to assess.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR #324 diff only touches Dependabot/Renovate/pre-commit/OWNERS and CRD YAML; no Go/Ginkgo e2e tests were added or modified, so no SNO assumptions to flag.
Topology-Aware Scheduling Compatibility	✅ Passed	PR #324 diff shows only dependency automation/config and CRD schema reformatting; no added/modified scheduling constraints (affinity/anti-affinity/topologySpread/PDB/nodeSelector) found.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR #324 changes only config/boilerplate/CRD YAML and docs; diff contains no *_test.go and no Ginkgo markers (Describe/It/Context/When), so no IPv6/disconnected test assumptions to flag.
No-Weak-Crypto	✅ Passed	Scanned repo (including PR-related YAML/boilerplate/Go files) for weak-crypto tokens (MD5/SHA1/DES/RC4/3DES/Blowfish/ECB) and crypto/constant-time patterns; found no matches.
Container-Privileges	✅ Passed	Repo-wide scan of all .yml found no matches for privileged:true, hostPID/hostNetwork/hostIPC, SYS_ADMIN, allowPrivilegeEscalation:true, runAsUser:0, or runAsNonRoot:false.
No-Sensitive-Data-In-Logs	✅ Passed	Searched the PR file diffs for sensitive-log indicators (e.g., token/password/Authorization/BEGIN) and found no matches; added logging is generic (e.g., cat "$log_file") without secret strings.
Title check	✅ Passed	The PR title mentions syncing dependabot and gomod config, which aligns with the main objectives of updating dependency automation configuration and enabling MintMaker gomod.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: MitaliBhalla
Once this PR has been reviewed and has the lgtm label, please assign anispate for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 43.28%. Comparing base (e33c4cf) to head (dd0ea8d).

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #324   +/-   ##
=======================================
  Coverage   43.28%   43.28%           
=======================================
  Files          11       11           
  Lines         834      834           
=======================================
  Hits          361      361           
  Misses        424      424           
  Partials       49       49           

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[openshift-ci]

@MitaliBhalla: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[MitaliBhalla]

Closing to reopen a clean ROSA-745 PR (upstream sync + boilerplate-update + dependabot/renovate config).