From 9d2951d82cc3213b4f22058ec966f9936d3f262d Mon Sep 17 00:00:00 2001
From: Jin Dong <djdongjin95@gmail.com>
Date: Tue, 14 Jan 2025 23:11:19 -0500
Subject: [PATCH] Create a dependabot group for all go deps

Dependabot seems to only update a dep in all go modoules,
if it belongs to a group.

This new group will cover all deps that are not part of
an existing group, so they get updated in all go.mod.

I think this will help avoid issues like
https://github.com/containerd/stargz-snapshotter/pull/1939

Signed-off-by: Jin Dong <djdongjin95@gmail.com>
---
 .github/dependabot.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 54ef8633e..0826b7f69 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -29,6 +29,17 @@ updates:
       k8s:
         patterns:
           - "k8s.io/*"
+      gomod:
+        # this pattern covers all go dependencies that are not in
+        # the above groups. dependabot doesn't seem to update sub-modules if
+        # a dependency doesn't belong to a group, so we define this group
+        # explicitly.
+        exclude-patterns:
+          - "golang.org/x/*"
+          - "google.golang.org/*"
+          - "github.com/containerd/*"
+          - "github.com/opencontainers/*"
+          - "k8s.io/*"
 
   # Automatic upgrade for base images used in the Dockerfile
   - package-ecosystem: "docker"