chore(deps): add dependabot configuration for github-actions

[safiya2610]

Fixes #392

Description

As requested, adding a standalone Dependabot configuration to automatically track and update pinned SHAs for our GitHub Actions workflows. This ensures our actions stay up-to-date and secure without manual overhead.

Key Changes

• Created .github/dependabot.yml targeting the github-actions ecosystem.
• Set the update schedule to weekly.
• Configured semantic commit prefixes (chore(deps): ).

[volcano-sh-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign hzxuzhonghu for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[gemini-code-assist]

Code Review

This pull request introduces a Dependabot configuration file (.github/dependabot.yml) to automatically track and update GitHub Actions dependencies on a weekly basis. The review feedback recommends grouping these updates into a single weekly pull request to minimize notification noise and ensure the configuration file ends with a proper newline character.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[Copilot]

Pull request overview

Adds a Dependabot configuration to automatically check for updates to GitHub Actions used in workflows, supporting the repo’s workflow-hardening effort by keeping pinned action SHAs current.

Changes:

• Added .github/dependabot.yml targeting the github-actions ecosystem.
• Configured a weekly update cadence.
• Set Dependabot PR commit-message prefix to chore(deps): .

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 58.66%. Comparing base (524e55e) to head (00ed15b).
⚠️ Report is 146 commits behind head on main.
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@             Coverage Diff             @@
##             main     #396       +/-   ##
===========================================
+ Coverage   47.57%   58.66%   +11.09%     
===========================================
  Files          30       37        +7     
  Lines        2819     3491      +672     
===========================================
+ Hits         1341     2048      +707     
+ Misses       1338     1234      -104     
- Partials      140      209       +69     

Flag	Coverage Δ
unittests	58.66% <ø> (+11.09%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[safiya2610]

@zhzhuang-zju Please review this PR too.