OCM-24479 | ci: configure Renovate for ROSA CLI

[olucasfreitas]

PR Summary

Add a MintMaker-compatible renovate.json so ROSA CLI dependency updates can be proposed through the repo's existing Konflux/Prow workflow, including the OCM-24531 requirement to auto-merge Konflux .tekton updates.

Detailed Description of the Issue

The ROSA CLI repo did not have in-repo dependency automation even though it already carries several update surfaces that benefit from regular maintenance, including the root Go module, Bingo-managed tool modules, Dockerfiles, and Tekton bundle references.

This change adds a repo-local Renovate configuration based on the newer provider-repo setup while adapting it to ROSA-specific constraints:

• use the existing ok-to-test bot workflow
• keep commit titles compatible with the repo template
• avoid reviewersFromCodeOwners because this repo has OWNERS, not GitHub CODEOWNERS
• cover Bingo's nonstandard .bingo/*.mod files with gomod.managerFilePatterns
• group high-churn dependency ecosystems to keep PR volume reviewable
• enable auto-merge for Konflux-managed .tekton updates, which is the ROSA CLI portion of OCM-24531

Related Issues and PRs

• Jira:
  • OCM-24479
  • OCM-24531
• Fixes: N/A
• Related PR(s):
  • Companion release PR for OCM-24531: openshift/release#79678
  • Provider reference: terraform-redhat/terraform-provider-rhcs renovate.json
• Related design/docs: N/A

Type of Change

• feat - adds a new user-facing capability.
• fix - resolves an incorrect behavior or bug.
• docs - updates documentation only.
• style - formatting or naming changes with no logic impact.
• refactor - code restructuring with no behavior change.
• test - adds or updates tests only.
• chore - maintenance work (tooling, housekeeping, non-product code).
• build - changes build system, packaging, or dependencies for build output.
• ci - changes CI pipelines, jobs, or automation workflows.
• perf - improves performance without changing intended behavior.

Previous Behavior

The repository had no in-repo Renovate or Dependabot configuration, so dependency update handling for Go modules, Bingo-managed tool modules, Dockerfiles, and Tekton bundle references depended on manual maintenance. Konflux .tekton reference PRs also had no repo-local auto-merge policy.

Behavior After This Change

The repository has a MintMaker-compatible renovate.json that:

• enables gomod, dockerfile, and tekton managers
• keeps ok-to-test labeling and bot-friendly commit prefixes
• constrains Go updates to the current supported baseline
• groups AWS, OCM, Kubernetes, testing, CLI helper, and Bingo tool updates
• allows Tekton dependency updates to follow the established Konflux path
• auto-merges Konflux .tekton updates via the Tekton manager rule, explicitly scoped to .tekton/**/*.yaml and .tekton/**/*.yml

How to Test (Step-by-Step)

Preconditions

• Node.js and npx available locally.

Test Steps

1. Validate JSON syntax:

   python -c "import json; json.load(open('renovate.json')); print('json-ok')"

2. Validate Renovate configuration:

   npx --yes --package renovate renovate-config-validator renovate.json

3. Review the config contents and confirm it covers:
   • root go.mod
   • .bingo/*.mod
   • Dockerfiles
   • .tekton dependency references
   • packageRules entry enabling automerge for .tekton updates

Expected Results

• JSON syntax validation prints json-ok.
• Renovate validator reports Config validated successfully.
• The config reflects the ROSA-specific grouping, labels, and manager coverage described above.
• The Tekton manager rule clearly enables auto-merge for Konflux .tekton updates.

Proof of the Fix

• Logs/CLI output: json-ok from Python JSON parsing and Config validated successfully from renovate-config-validator.

Breaking Changes

• No breaking changes
• Yes, this PR introduces a breaking change (describe impact and migration plan below)

Breaking Change Details / Migration Plan

N/A

Developer Verification Checklist

• Commit subject/title follows [JIRA-TICKET] | [TYPE]: <MESSAGE>.
• PR description clearly explains both what changed and why.
• Relevant Jira/GitHub issues and related PRs are linked.
• make install-hooks has been run in this clone.
• Tests were added/updated where appropriate.
• I manually tested the change.
• make test passes.
• make lint passes.
• make rosa passes.
• Documentation or repo-local agent guidance was added/updated where appropriate.
• Any risk, limitation, or follow-up work is documented.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a repository-level Renovate configuration enabling gomod, tekton, and dockerfile managers; sets commit/PR/dashboard limits, minimum release-age, disables vulnerability alerts, and adds labels. Constrains Go toolchain to 1.25.8, scopes gomod to .bingo/*.mod, enables gomod post-update steps, and disables indirect gomod updates. Adds package rules to automerge Konflux Tekton task updates, prevent golang-version minor/major bumps, group multiple gomod dependency sets, and cap k8s.io/apimachinery to < 0.36.0.

Suggested reviewers

• davidleerh

🚥 Pre-merge checks | ✅ 11 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Test Structure And Quality	⚠️ Warning	Ginkgo tests lack assertion messages. 91-97% of assertions across sampled test files are bare, e.g., Expect(err).To(BeNil()) without diagnostic context, violating criterion 4 requirements.	Add meaningful failure messages to all Expect() calls: use Expect(err).NotTo(HaveOccurred(), "context message") instead of bare Expect(err).NotTo(HaveOccurred()). Split tests checking multiple unrelated behaviors.

✅ Passed checks (11 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically summarizes the main change: adding Renovate configuration for ROSA CLI dependency automation.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR only adds renovate.json configuration file; no Ginkgo test files are added or modified, making this check not applicable.
Microshift Test Compatibility	✅ Passed	This PR adds a renovate.json configuration file only. The MicroShift Test Compatibility check applies only when new Ginkgo e2e tests are added (It(), Describe(), etc.), which is not the case here.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR adds only unit tests for ROSA CLI, not OpenShift e2e tests. All tests use Ginkgo framework to test CLI functionality with mocked APIs, not cluster interactions requiring multi-node assumptions.
Topology-Aware Scheduling Compatibility	✅ Passed	PR adds only renovate.json, a dependency management config file. No deployment manifests, operator code, controllers, or Kubernetes scheduling constraints present.
Ote Binary Stdout Contract	✅ Passed	No stdout writes to process-level code detected. Changes are confined to test case assertions (intercepted by framework), helper function removal, version constant, and renovate config.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR only adds renovate.json configuration file; contains no Ginkgo e2e tests (It, Describe, Context, When), so check is not applicable.
Description check	✅ Passed	PR description comprehensively covers all required sections with clear explanations of the problem, changes, and validation approach.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[olucasfreitas]

@amandahla please review this when you can, medium priority

[amandahla]

/approve
/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: amandahla, olucasfreitas

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [amandahla,olucasfreitas]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment