GitHub: Improve Dependabot.

[Gacko]

What this PR does / why we need it:

This morning I found out that Dependabot fails to update our Dockerfiles:

https://github.com/kubernetes/ingress-nginx/network/updates/892831825

It's looking for a Dockerfile in the images directory. Apparently the current config is not working recursively. After a short research I found that the directories (not directory) config key supports wildcards and nested locations:

https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#directories

At first I thought using just * would be enough, but reading the docs a second time, I came to the conclusion that this would only cover the root directory and directories in side the root directory, but not nested directories. So I went for / and **/* to cover both the root directory and nested directories.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• CVE Report (Scanner found CVE and adding report)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation only

Which issue/s this PR fixes

https://github.com/kubernetes/ingress-nginx/network/updates/892831825

How Has This Been Tested?

Cannot be tested before merging.

Checklist:

• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I've read the CONTRIBUTION guide
• I have added unit and/or e2e tests to cover my changes.
• All new and existing tests passed.

[netlify]

✅ Deploy Preview for kubernetes-ingress-nginx canceled.

Name	Link
🔨 Latest commit	4e73d53
🔍 Latest deploy log	https://app.netlify.com/sites/kubernetes-ingress-nginx/deploys/66fa966b153aeb0008bac9eb

[Gacko]

/triage accepted
/kind bug
/priority important-soon
/cc @strongjz @rikatz @cpanato @tao12345666333

[Gacko]

Also @cpanato, as you seem to be around: What's your understanding of the docs? As stated above I'm not sure if just * would be enough as, according to the docs and my understanding, it only covers the root directory and 1st level directories, but not nested ones. WDYT?

[cpanato]

Also @cpanato, as you seem to be around: What's your understanding of the docs? As stated above I'm not sure if just * would be enough as, according to the docs and my understanding, it only covers the root directory and 1st level directories, but not nested ones. WDYT?

yes, that is my understanding as well but i would keep as you did

[Gacko]

Ok, nice!

Sorry for the confusion. I re-ordered the entries a bit. You might want to have a look at the current state instead of the change only: https://github.com/kubernetes/ingress-nginx/blob/2480386ef37576992f5470905797fc3c1d45e540/.github/dependabot.yml

[Gacko]

Ok, lol. These settings are maybe a bit broad. These are the PRs Dependabot came up with in one run:

https://github.com/Gacko/ingress-nginx-dependabot/pulls

And it already exceeded the limit of 5 PRs.

[Gacko]

I amended the PR to not flood us with updates on merge. Also I split my changes in atomic commits.

Right now I only fixed the directories for the Docker dependencies and added most occurrences of go.mod files to the Go section.

Before Dependabot failed to update Dockerfiles because they were not lying in /images but in /rootfs & /images/*/rootfs. This is why I just went for **/rootfs as otherwise we would need separate entries for /rootfs and /images/*/rootfs.

The same basically applies for Go modules: We have go.mod files in / & /images/*/rootfs.

We can still broaden the scope later, but for now I would like to do just a small first step to not get flooded by dependency bump PRs and possible breaking changes.

[Gacko]

/cherry-pick release-1.10

[Gacko]

/cherry-pick release-1.11

[k8s-infra-cherrypick-robot]

@Gacko: once the present PR merges, I will cherry-pick it on top of release-1.10 in a new PR and assign it to you.

In response to this:

/cherry-pick release-1.10

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[k8s-infra-cherrypick-robot]

@Gacko: once the present PR merges, I will cherry-pick it on top of release-1.11 in a new PR and assign it to you.

In response to this:

/cherry-pick release-1.11

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[cpanato]

thanks

/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cpanato, Gacko

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [Gacko,cpanato]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-infra-cherrypick-robot]

@Gacko: new pull request created: #12037

In response to this:

/cherry-pick release-1.10

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[k8s-infra-cherrypick-robot]

@Gacko: new pull request created: #12038

In response to this:

/cherry-pick release-1.11

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.