feat(build): automatically apply security updates for release branches

[slonka]

Example PRs:

• chore(deps): security update slonka/kuma#9
• chore(deps): security update slonka/kuma#10

Example output:

• https://github.com/slonka/kuma/actions/runs/3956613355/jobs/6776020642

Once the PR is merged a new one won't be created. Also running action multiple times just updates the PR if there are things to update.

Signed-off-by: slonka slonka@users.noreply.github.com

Checklist prior to review

• Link to docs PR or issue -- will issue link if the PR get's accepted
• Link to UI issue or PR -- not a UI issue
• Is the issue worked on linked? --
• The PR does not hardcode values that might break projects that depend on kuma (e.g. "kumahq" as a image registry) --
• The PR will work for both Linux and Windows, system specific functions like syscall.Mkfifo have equivalent implementation on the other OS --
• Unit Tests -- only manual tests
• E2E Tests --
• Manual Universal Tests --
• Manual Kubernetes Tests --
• Do you need to update UPGRADE.md? --
• Does it need to be backported according to the backporting policy? -- no, actions are taken from main branch
• Do you need to explicitly set a > Changelog: entry here or add a ci/ label to run fewer/more tests?

Changelog: feat(security): add dependabot security updates to release branches

[lahabana]

This is a great initiative!

Was this considered as an option: https://github.com/G-Rath/check-with-osv-detector ?

[slonka]

Was this considered as an option: https://github.com/G-Rath/check-with-osv-detector ?

I think it's just a different CLI and I'm just using the official one. From what I saw the action does not do anything interesting just spits out the scan result, we'd still have to parse it and attempt dependency update.

[colinh-kong]

NICE!