chore: Configure Renovate

[elastic-renovate-prod]

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

---

Detected Package Files

• Dockerfile (dockerfile)
• Dockerfile.wolfi (dockerfile)
• .github/actions/build-distribution/action.yml (github-actions)
• .github/actions/packages/action.yml (github-actions)
• .github/workflows/labeler.yml (github-actions)
• .github/workflows/matrix-command.yml (github-actions)
• .github/workflows/microbenchmark.yml (github-actions)
• .github/workflows/packages.yml (github-actions)
• .github/workflows/pre-commit.yml (github-actions)
• .github/workflows/release.yml (github-actions)
• .github/workflows/run-matrix.yml (github-actions)
• .github/workflows/test-docs.yml (github-actions)
• .github/workflows/test-release.yml (github-actions)
• .github/workflows/test-reporter.yml (github-actions)
• .github/workflows/test.yml (github-actions)
• .github/workflows/updatecli.yml (github-actions)
• dev-utils/requirements.txt (pip_requirements)
• setup.py (pip_setup)
• setup.cfg (setup-cfg)
• Dockerfile (regex)
• Dockerfile.wolfi (regex)
• Dockerfile (regex)
• Dockerfile.wolfi (regex)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding PR is merged
• Chainguard Renovate configuration (https://ela.st/wolfi)
• Chainguard Renovate configuration (https://ela.st/wolfi)
• Enable Renovate Dependency Dashboard creation.
• Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
• Ignore node_modules, bower_components, vendor and various test/tests directories.
• Group known monorepo packages together.
• Use curated list of recommended non-monorepo package groupings.
• Apply crowd-sourced package replacement rules.
• Apply crowd-sourced workarounds for known problems with packages.
• Pin Docker digests.
• Pin github-action digests.
• Pin dependency versions for devDependencies.
• Preset with best practices from the Renovate maintainers. Recommended for advanced users, who want to follow our best practices.
• Shared Renovate configuration for an out-of-the-box set of defaults for Renovate at Elastic
• Enable Renovate Dependency Dashboard creation.
• Pin Docker digests.
• Renovate configuration to only raise PRs for Chainguard updates, and ignore any other updates

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

---

What to Expect

With your current configuration, Renovate will create 1 Pull Request:

chore(deps): update docker.elastic.co/wolfi/chainguard-base:latest docker digest to 19764e8

• Schedule: ["at any time"]
• Branch name: renovate/wolfi-(rolling)
• Merge into: main
• Upgrade docker.elastic.co/wolfi/chainguard-base to sha256:19764e89441be1f36544f715a738abc1a1898f35ed729486d33172eb54e8d84a

---

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

---

This PR has been generated by Renovate Bot.

[cla-checker-service]

💚 CLA has been signed

[esenmarti]

The required buildkite/docs-build-pr should (hopefully) be triggered after elastic/docs#3035 is submitted.

[reakaleek]

run docs-build

[nuugen]

@reakaleek I'm following up on the currently failing CLA check (as seen in this PR) for commits coming from Renovate Bot.

This is a known issue, and the solution is for the bot to to be added to the CLA Checker's bypass list. At the moment, this process is pending on the Legal team (see https://groups.google.com/a/elastic.co/g/devflow/c/I9wO5Avi50o/m/4QCdypeDAQAJ).

In the mean time, the proposed workaround to get the onboarding process unblocked, is for an Elastic engineer to:

1. Check out the raised PR branch
2. git commit --amend the commit(s) by Renovate Bot, making the the engineer the committer. This will pass the CLA check due to the implicit membership that an Elastic engineer has in the bypass list.

We realize that this is a reduced developer experience, but it should be temporary.

[esenmarti]

Hi @reakaleek ! CLA checks are now working as expected (See announcement in https://elastic.slack.com/archives/C07AMD4CNUR/p1722848021845209). Can we move forward with this?

As a remainder: this PR only enables Renovate for Chainguard updates.

[xrmx]

If the CLA issue has been resolved and so there's no manual work required to update renovate PRs it's fine for me

[esenmarti]

Can we merge now?

[elastic-renovate-prod]

Renovate is disabled

Renovate is disabled because there is no Renovate configuration file. To enable Renovate, you can either (a) change this PR's title to get a new onboarding PR, and merge the new onboarding PR, or (b) create a Renovate config file, and commit that file to your base branch.