Merge branch 'main' into renovate/all-go-dependencies

Author: Dawo9889

.github/workflows/renovate-auto-approve.yml

@@ -0,0 +1,44 @@
+name: renovate-auto-approve
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+      - review_requested
+      - synchronize
+jobs:
+  renovate-auto-approve:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      id-token: write
+    if: github.actor == 'renovate[bot]' && startsWith(github.head_ref, 'renovate/')
+    steps:
+      - name: Configure Workload Identity Federation
+        id: auth
+        uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3
+        with:
+          project_id: ${{ vars.GCP_KYMA_PROJECT_PROJECT_ID }}
+          workload_identity_provider: ${{ vars.GH_COM_KYMA_PROJECT_GCP_WORKLOAD_IDENTITY_FEDERATION_PROVIDER }}
+
+      - name: Fetch Kyma Bot Token For Auto Approve
+        id: access-secret
+        uses: google-github-actions/get-secretmanager-secrets@bc9c54b29fdffb8a47776820a7d26e77b379d262 # v3
+        with:
+          secrets: |
+            GITHUB_TOKEN:${{ vars.GCP_KYMA_PROJECT_PROJECT_ID }}/${{ vars.GH_COM_KYMA_BOT_AUTO_APPROVER_TOKEN_SECRET_NAME }}
+
+      - name: Auto Approve PR
+        uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4
+        with:
+          review-message: "Auto approval of PR generated by Renovate Bot"
+          github-token: ${{ steps.access-secret.outputs.GITHUB_TOKEN }}
+
+      - name: Add auto-approved Label to PR
+        run: gh pr edit "$NUMBER" --add-label "$LABELS"
+        env:
+          GH_REPO: ${{ github.repository }}
+          GH_TOKEN: ${{ steps.access-secret.outputs.GITHUB_TOKEN }}
+          NUMBER: ${{ github.event.pull_request.number }}
+          LABELS: auto-approved

.tflint.hcl

@@ -9,7 +9,7 @@ config {
 
 plugin "google" {
     enabled = true
-    version = "0.35.0"
+    version = "0.36.0"
     source  = "github.com/terraform-linters/tflint-ruleset-google"
 }
 

cmd/cloud-run/slackmessagesender/requirements.txt

@@ -4,5 +4,5 @@ flask>=2.3.2
 cloudevents==1.12.0
 gunicorn==23.0.0
 pygithub==2.8.1
-pyyaml==6.0.2
+pyyaml==6.0.3
 werkzeug>=3.0.6

configs/terraform/modules/slack-message-sender/slack-message-sender.tf

@@ -38,7 +38,7 @@ resource "google_cloud_run_service" "slack_message_sender" {
     spec {
       service_account_name = google_service_account.slack_message_sender.email
       containers {
-        image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/slackmessagesender:v20250910-77a3f821"
+        image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/slackmessagesender:v20250925-ea9d9cf9"
         env {
           name  = "PROJECT_ID"
           value = var.gcp_project_id

sec-scanners-config.yaml

@@ -7,7 +7,7 @@ bdba:
     - europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20250924-935a21c6
     - europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20250924-935a21c6
     - europe-docker.pkg.dev/kyma-project/prod/test-infra/signify-secret-rotator:v20250917-e51a4bba
-    - europe-docker.pkg.dev/kyma-project/prod/test-infra/slackmessagesender:v20250910-77a3f821
+    - europe-docker.pkg.dev/kyma-project/prod/test-infra/slackmessagesender:v20250925-ea9d9cf9
 mend:
     language: golang-mod
     exclude: