Make Renovate ungroup major/digest upgrades

[erikgb]

Looking at #447, I want to merge the Proto upgrade, but probably wait for the Cosign major upgrade. This PR should make Renovate split that PR into two.

[Copilot]

Pull Request Overview

This PR modifies the Renovate configuration to adjust how updates for custom regex-managed dependencies are handled. The changes remove the manual approval requirement for major and digest updates while ensuring these updates are not grouped with other dependencies.

• Adds explicit groupName: null to prevent grouping major/digest updates with the "Tools" group
• Removes dependencyDashboardApproval: true to allow automatic processing of major and digest updates

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This package rule conflicts with the 'Tools' group rule (lines 44-55) which also matches 'custom.regex' manager. The 'Tools' rule will group all custom.regex updates together, but this rule attempts to exclude major/digest updates from grouping. Consider adding excludeUpdateTypes: ['major', 'digest'] to the 'Tools' rule to make the intent clearer and avoid relying on rule ordering.

[erikgb]

I agree it would be clearer to do it that way, but then I have to repeat the post-upgrade task.

[octo-sts]

Reconfigure PR Results

This is a reconfigure PR comment to help you understand and re-configure your renovate bot settings. If this Reconfigure PR were to be merged, we'd expect to see the following outcome:

---

Detected Package Files

• .github/workflows/base-images-upgrade.yaml (github-actions)
• .github/workflows/e2e-test.yaml (github-actions)
• .github/workflows/kind-images-upgrade.yaml (github-actions)
• .github/workflows/renovate.yaml (github-actions)
• .github/workflows/validate-renovate-config.yaml (github-actions)
• modules/go/base/.github/workflows/govulncheck.yaml (github-actions)
• modules/repository-base/base/.github/workflows/make-self-upgrade.yaml (github-actions)
• modules/repository-base/base/.github/workflows/renovate.yaml (github-actions)
• modules/olm-bundle/olm-to-oci/go.mod (gomod)
• tests/e2e-projects/test-project/go.mod (gomod)
• modules/tools/00_mod.mk (regex)
• modules/tools/00_mod.mk (regex)
• modules/tools/00_mod.mk (regex)
• modules/tools/00_mod.mk (regex)

Configuration Summary

Based on the default config's presets, Renovate will:

• Enable Renovate Dependency Dashboard creation.
• Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
• Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
• Group known monorepo packages together.
• Use curated list of recommended non-monorepo package groupings.
• Show only the Age and Confidence Merge Confidence badges for pull requests.
• Apply crowd-sourced package replacement rules.
• Apply crowd-sourced workarounds for known problems with packages.
• Pin Docker digests.
• Pin github-action digests.
• Enable Renovate configuration migration PRs when needed.
• Pin dependency versions for development dependencies.
• Recommended configuration for abandoned packages, treating packages without a release for 1 year as abandoned, while taking into account community-sourced overrides.
• Update _VERSION environment variables in GitHub Action files.
• Append Signed-off-by: to signoff Git commits.
• Use semantic prefixes for commit messages and PR titles.
• Disable vulnerability alerts completely.
• Remove hourly and concurrent rate limits.
• Enable Renovate Dependency Dashboard creation.
• Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
• Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
• Group known monorepo packages together.
• Use curated list of recommended non-monorepo package groupings.
• Show only the Age and Confidence Merge Confidence badges for pull requests.
• Apply crowd-sourced package replacement rules.
• Apply crowd-sourced workarounds for known problems with packages.
• Pin Docker digests.
• Pin github-action digests.
• Enable Renovate configuration migration PRs when needed.
• Pin dependency versions for development dependencies.
• Recommended configuration for abandoned packages, treating packages without a release for 1 year as abandoned, while taking into account community-sourced overrides.
• Update _VERSION environment variables in GitHub Action files.
• Append Signed-off-by: to signoff Git commits.
• Use semantic prefixes for commit messages and PR titles.
• Disable vulnerability alerts completely.
• Remove hourly and concurrent rate limits.

---

What to Expect

With your current configuration, Renovate will create 3 Pull Requests:

chore(deps): update renovate/renovate docker tag to v41.168.3

• Schedule: ["at any time"]
• Branch name: renovate/renovate-renovate-41.x
• Merge into: main
• Upgrade renovate/renovate to sha256:7e35d44da16e84524d90224fea26f245c068723fa7b611aaa9073d332c7c4f5c

chore(deps): update dependency protocolbuffers/protobuf to v33

• Schedule: ["at any time"]
• Branch name: renovate/protocolbuffers-protobuf-33.x
• Merge into: main
• Upgrade protocolbuffers/protobuf to v33.0

chore(deps): update module github.com/sigstore/cosign/v2 to v3

• Schedule: ["at any time"]
• Branch name: renovate/github.com-sigstore-cosign-v2-3.x
• Merge into: main
• Upgrade github.com/sigstore/cosign/v2 to v3.0.2

[ThatsMrTalbot]

/lgtm
/approve

[cert-manager-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ThatsMrTalbot

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [ThatsMrTalbot]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment