Add dependabot dependency groups to reduce PR noise

[sebrandon1]

Summary

• Group related Go module dependencies in dependabot config so updates arrive as single PRs instead of flooding the repo with individual PRs
• Groups added: golang-x, sigstore, containers, podman, google-grpc, testing, spf13-cli
• Also adds golang-x grouping for the /tools directory

This addresses the current situation where 6 separate golang.org/x/* PRs (#5135, #5136, #5138, #5139, #5140, #5137) were opened simultaneously.

References

• Improve dependabot groups redhat-best-practices-for-k8s/certsuite-qe#1297
• Add grouping for 'actions' folder specifically redhat-best-practices-for-k8s/certsuite#2888

Test plan

• Verify YAML syntax is valid
• Confirm dependabot closes existing individual PRs and opens grouped ones on next scheduled run

Summary by CodeRabbit

• Chores
  • Updated dependency management configuration to better organize and track dependencies across different project sections.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign cfergeau for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @sebrandon1. Thanks for your PR.

I'm waiting for a crc-org member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

Walkthrough

The pull request adds new dependency grouping rules to the Dependabot configuration for gomod updates, organizing Go package dependencies by category (golang.org/x, sigstore, containers, google, testing libraries) across both the root and tools directories.

Changes

Cohort / File(s)	Summary
Dependabot Configuration .github/dependabot.yml	Added dependency groups for gomod updates in root and /tools sections, organizing golang.org/x, github.com/sigstore, github.com/containers, go.podman.io, google.golang.org, testing frameworks (onsi, cucumber, stretchr), and spf13 CLI packages. No removals or schedule interval changes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 Dependencies grouped with care,
Organized patterns everywhere,
Tools and root in harmony flow,
Dependabot gardens now grow!
✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The PR description provides a clear summary of changes, references specific issues, and includes a test plan, but doesn't follow the repository's required template structure with Type of change, Proposed changes, Contribution Checklist, etc.	Consider following the repository's description template more closely by including sections like 'Type of change' (Chore), 'Proposed changes' (numbered list), and 'Contribution Checklist' for consistency.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: adding dependency groups to Dependabot config to consolidate related PR updates.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

No actionable comments were generated in the recent review. 🎉

🧹 Recent nitpick comments

.github/dependabot.yml (1)

24-26: Nit: Group name google-grpc is broader than just gRPC.

The pattern google.golang.org/* matches google.golang.org/protobuf, google.golang.org/genproto, google.golang.org/api, etc., not just gRPC. Consider renaming to google or google-golang for clarity.

Suggested rename

-    google-grpc:
+    google:
       patterns:
         - "google.golang.org/*"

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}