CNF-23207: Add GitHub Actions to Dependabot config

[sebrandon1]

Summary

• Add github-actions package ecosystem to Dependabot config with weekly checks
• Keeps GitHub Actions (e.g., actions/checkout) up to date automatically

Test plan

• YAML is valid Dependabot v2 config

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign browsell for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Warning

Review limit reached

@sebrandon1, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 44 minutes and 40 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: d3ce5ca9-1ac2-4d39-a01b-2069d81d57c7

📥 Commits

Reviewing files that changed from the base of the PR and between 7b81143 and 07b2b97.

📒 Files selected for processing (1)

• .github/dependabot.yml

📝 Walkthrough

Walkthrough

Dependabot configuration is extended to monitor GitHub Actions versions in addition to Go module dependencies, with weekly update checks configured for the repository root.

Changes

Dependabot Configuration

Layer / File(s)	Summary
Dependabot Configuration .github/dependabot.yml	A new updates entry is added for the github-actions ecosystem, scoped to the repository root and scheduled to run on a weekly interval.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: adding GitHub Actions to the Dependabot configuration with a reference to the related Jira ticket.
Description check	✅ Passed	The description provides a clear summary of changes and test plan but omits most recommended template sections like background, implementation details, and checklist.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci-robot]

@sebrandon1: This pull request references CNF-23207 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Summary

• Add github-actions package ecosystem to Dependabot config with weekly checks
• Keeps GitHub Actions (e.g., actions/checkout) up to date automatically

Test plan

• YAML is valid Dependabot v2 config

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[sebrandon1]

/retest

[openshift-ci]

@sebrandon1: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/ibu-e2e-flow-v4v6	07b2b97	link	false	/test ibu-e2e-flow-v4v6
ci/prow/ibu-e2e-flow-v6v4	07b2b97	link	false	/test ibu-e2e-flow-v6v4
ci/prow/ibu-e2e-flow	07b2b97	link	false	/test ibu-e2e-flow
ci/prow/ipc-e2e-flow-v6v4	07b2b97	link	false	/test ipc-e2e-flow-v6v4
ci/prow/ibi-e2e-flow-v6v4	07b2b97	link	false	/test ibi-e2e-flow-v6v4
ci/prow/ibi-e2e-flow	07b2b97	link	false	/test ibi-e2e-flow
ci/prow/ipc-e2e-flow-v4v6	07b2b97	link	false	/test ipc-e2e-flow-v4v6
ci/prow/ipc-e2e-flow	07b2b97	link	true	/test ipc-e2e-flow
ci/prow/ibi-e2e-flow-v4v6	07b2b97	link	false	/test ibi-e2e-flow-v4v6

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.