Add updatecli Configuration for Automated Updating of Package Registry URL Version

[JDKurma]

What does this PR do?

Adds updatecli configuration to create a PR on package registry version updates in order to retrieve the latest categories

Local Verification:

❯ GITHUB_ACTOR=jdkurma GITHUB_TOKEN=$(gh auth token) \   
    updatecli --experimental diff \
    --config .github/workflows/updatecli \
    --values .github/workflows/updatecli/values.d/scm.yml
Experimental Mode Enabled
WARNING: Deprecated command, please instead use `updatecli pipeline diff`


+++++++++++
+ PREPARE +
+++++++++++

Loading Pipeline ".github/workflows/updatecli/updatecli.d/bump-package-registry-categories-version.yml"
Loading Pipeline ".github/workflows/updatecli/values.d/scm.yml"

SCM repository retrieved: 1


++++++++++++++++++
+ AUTO DISCOVERY +
++++++++++++++++++



++++++++++++
+ PIPELINE +
++++++++++++


############################################
# BUMP PACKAGE REGISTRY CATEGORIES VERSION #
############################################

Pipeline ID     : bump-package-registry-categories-version
Dry Run         : enabled

source: latestRegistryVersion
-----------------------------

WARNING: Engine "dasel/v1" is deprecated and will be removed in a future updatecli version. Please use "dasel/v2" instead.
WARNING: Engine "dasel/v1" is deprecated and will be removed in a future updatecli version. Please use "dasel/v2" instead.
✔ value "v1.38.0", found in file "https://api.github.com/repos/elastic/package-registry/releases/latest", for key ".tag_name"
WARNING: Engine "dasel/v1" is deprecated and will be removed in a future updatecli version. Please use "dasel/v2" instead.

target: update-package-registry-categories-url
----------------------------------------------

Repository      : github.com/elastic/package-spec@main

✔ - all contents from 'file' and 'files' combined already up to date
WARNING: Engine "dasel/v1" is deprecated and will be removed in a future updatecli version. Please use "dasel/v2" instead.

###########
# SCM.YML #
###########

Pipeline ID     : f50ca7ab7cdb51f68c46dfad30d573950701242d7457923cb3212b30f4d34f0d
Dry Run         : enabled


ACTIONS
========

---
Pipeline Name   : Bump Package Registry categories version
Pipeline ID     : bump-package-registry-categories-version
Dry run         : true
Repository      : github.com/elastic/package-spec@main
Action          : [updatecli] Update Package Registry categories URL to v1.38.0
---

No follow up action needed


UDASH - EXPERIMENTAL
=====================

Publishing report to Udash
no Udash endpoint detected, skipping


REPORT - EXPERIMENTAL
======================

Bump Package Registry categories version:
        => "/var/folders/bb/myg0lcmj54z_c9sckgs3tc8r0000gn/T/updatecli/report/54812d68a5aa5a82233b63fe8fcec4f9f5a44655492f4e9667e9927a898fcec0/20260505154621.yaml"
SCM.YML:
        => "/var/folders/bb/myg0lcmj54z_c9sckgs3tc8r0000gn/T/updatecli/report/67b2f2b5d094e2b705867a84bd7b4c2b396e9ded7d1dd522f95b2a9e0a9d12ea/20260505154621.yaml"

=============================

SUMMARY:

✔ Bump Package Registry categories version:
        Source:
                ✔ [latestRegistryVersion] Get latest Package Registry version
        Target:
                ✔ [update-package-registry-categories-url] [updatecli] Update Package Registry categories URL to v1.38.0
                      * Repository: https://github.com/elastic/package-spec.git (branch: main)


✔ SCM.YML:

Run Summary
===========
Pipeline(s) run:
  * Changed:    0
  * Failed:     0
  * Skipped:    0
  * Succeeded:  2
  * Total:      2


---
A new version of updatecli is available: v0.117.0 (current: "0.117.0")
Changelog available at: www.updatecli.io/changelogs/updatecli/changelogs/v0.117.0/
---

Why is it important?

Without some type of upkeep, the package registry URL will become stale with whatever pinned version we keep. To avoid manual busywork, updatecli provides a automated way to periodically check for new package registry versions, make the modification to our URL, and create a PR.

Checklist

• I have added test packages to test/packages that prove my change is effective.
• I have added an entry in spec/changelog.yml.

Related issues

#1095 (comment)

Summary by CodeRabbit

• Chores
  • Added a scheduled/manually-triggered CI workflow to run Updatecli for routine updates.
  • Added an automation workflow that opens PRs to bump package registry category versions based on the latest release.
  • Added SCM configuration values to support the automated update workflows.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 50dd9ba3-6c3f-4abb-9346-3b8fb2ee6bac

📥 Commits

Reviewing files that changed from the base of the PR and between 8f2a84b and a2c0610.

📒 Files selected for processing (1)

• .github/workflows/run-updatecli.yml

---

📝 Walkthrough

Walkthrough

This PR adds Updatecli automation: an orchestrator workflow that runs Updatecli (manual, weekday cron, or on updatecli PRs) and chooses diff vs apply mode; SCM values specifying elastic/package-spec; and an Updatecli pipeline that fetches the latest elastic/package-registry release and updates a Go validation file, opening an automated PR against main.

Changes

Updatecli Automation Setup

Layer / File(s)	Summary
Run Updatecli orchestrator workflow .github/workflows/run-updatecli.yml	Main GitHub Actions workflow controls when and how Updatecli executes via workflow_dispatch, weekday cron, and pull_request triggers on updatecli workflow changes. Sets workflow/job permissions, selects UPDATECLI_ACTION (diff for PRs, apply otherwise), installs the pinned Updatecli action, and runs updatecli --experimental with GITHUB_TOKEN.
SCM configuration and package-registry update pipeline .github/workflows/updatecli/values.d/scm.yml, .github/workflows/updatecli/updatecli.d/bump-package-registry-categories-version.yml	Adds SCM metadata (owner: elastic, repository: package-spec) and an Updatecli pipeline that fetches the latest elastic/package-registry release tag and replaces the versioned package-registry/.../categories/categories.yml pattern in code/go/internal/validator/semantic/validate_datastream_package_categories.go, then creates an automated PR against main labeled automation.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hop through YAML lines tonight,

Cron and dispatch set just right,
A registry tag I fetch and sing,
Updatecli makes the new change spring,
PRs blossom under CI light.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: adding updatecli configuration to automate package registry URL version updates. It is specific, clear, and directly reflects the primary objective of the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/run-updatecli.yml:
- Around line 4-24: Add a GitHub Actions concurrency block to prevent
overlapping runs for this workflow: add a top-level concurrency stanza (or under
the updatecli job) using a stable group name that includes the workflow and
branch/run type (e.g., "updatecli-${{ github.ref }}") and set
cancel-in-progress: true so scheduled and manual runs for the updatecli job
don't overlap; update the workflow's concurrency configuration near the existing
on/permissions/jobs definitions to reference the "updatecli" job context.
- Line 25: Replace the mutable checkout step "uses: actions/checkout@v6" with a
pinned commit SHA and set persist-credentials: false; specifically, locate the
workflow step that contains "uses: actions/checkout@v6" and change it to use the
actions/checkout commit SHA (matching the style used by "updatecli-action") and
add the input "persist-credentials: false" to prevent inheriting repository
credentials in this write-scoped workflow.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: eb13ea01-3aee-4ca7-bb81-8ffe56383693

📥 Commits

Reviewing files that changed from the base of the PR and between 5a8b241 and 8f2a84b.

📒 Files selected for processing (3)

• .github/workflows/run-updatecli.yml
• .github/workflows/updatecli/updatecli.d/bump-package-registry-categories-version.yml
• .github/workflows/updatecli/values.d/scm.yml

[jsoriano]

Can you please add also dependabot configuration to update these actions? It would be to add something like this:

  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      # Check for updates to GitHub Actions every week
      interval: "weekly"
    open-pull-requests-limit: 2
    labels:
      - automation

[teresaromero]

i think it will be handy to use a "default" version (hardcoded and updated with this workflow), but also allow the user doing the validation to use an ENV in case it wants to change the version of the source file. WDYT?

something like this

// validate_datastream_package_categories.go

const (
	defaultPackageRegistryTag = "v1.38.0"
)

var (
	packageRegistryCategoriesURLTemplate = "https://raw.githubusercontent.com/elastic/package-registry/%s/categories/categories.yml"
)

func packageRegistryCategoriesURL() string {
	if u := os.Getenv("PACKAGE_SPEC_REGISTRY_CATEGORIES_TAG"); u != "" {
		return fmt.Sprintf(packageRegistryCategoriesURLTemplate, u)
	}
	return fmt.Sprintf(packageRegistryCategoriesURLTemplate, defaultPackageRegistryTag)
}