[BUILD] Upgrade go dependencies using a custom github action

Author: amuraru

.github/workflows/ci.yml

@@ -5,6 +5,8 @@ on:
     branches:
       - master
   pull_request:
+  repository_dispatch:
+    types: [run-tests-for-generated-pr]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -18,6 +20,8 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v5
+        with:
+          ref: ${{ github.event_name == 'repository_dispatch' && github.event.client_payload.pr_branch || github.ref }}
 
       - name: Set up Go
         uses: actions/setup-go@v6
@@ -54,6 +58,8 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v5
+        with:
+          ref: ${{ github.event_name == 'repository_dispatch' && github.event.client_payload.pr_branch || github.ref }}
 
       - name: Set up Go
         uses: actions/setup-go@v6

.github/workflows/codeql-analysis.yml

@@ -17,6 +17,8 @@ on:
   pull_request:
     # The branches below must be a subset of the branches above
     branches: [ master ]
+  repository_dispatch:
+    types: [run-tests-for-generated-pr]
   schedule:
     - cron: '34 23 * * 4'
 
@@ -44,6 +46,8 @@ jobs:
     steps:
     - name: Checkout repository
       uses: actions/checkout@v5
+      with:
+        ref: ${{ github.event_name == 'repository_dispatch' && github.event.client_payload.pr_branch || github.ref }}
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/e2e-test.yaml

@@ -5,6 +5,8 @@ on:
     branches:
       - master
   pull_request:
+  repository_dispatch:
+    types: [run-tests-for-generated-pr]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -20,6 +22,8 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v5
+        with:
+          ref: ${{ github.event_name == 'repository_dispatch' && github.event.client_payload.pr_branch || github.ref }}
 
       - name: Clean workspace
         run: |

.github/workflows/update-go-deps.yml

@@ -0,0 +1,93 @@
+name: Update Go Dependencies
+
+on:
+  schedule:
+    # Run every Monday at 9:00 AM UTC
+    - cron: '0 9 * * 1'
+  workflow_dispatch: # Allow manual trigger
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update-dependencies:
+    name: Update Go Dependencies
+    runs-on: ubuntu-24.04
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+        with:
+          ref: master
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v6
+        with:
+          go-version: '1.25'
+
+      - name: Update Go dependencies
+        run: make update-go-deps
+
+      - name: Tidy dependencies
+        run: make tidy
+
+      - name: Generate manifests
+        run: make generate manifests
+
+      - name: Format and lint fix
+        run: make fmt lint-fix
+
+      - name: Check for changes
+        id: check_changes
+        run: |
+          if [ -n "$(git status --porcelain)" ]; then
+            echo "has_changes=true" >> $GITHUB_OUTPUT
+          else
+            echo "has_changes=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Create Pull Request
+        if: steps.check_changes.outputs.has_changes == 'true'
+        id: create_pr
+        uses: peter-evans/create-pull-request@v7
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: 'chore(deps): update Go dependencies'
+          title: 'chore(deps): update Go dependencies'
+          body: |
+            ## Automated Go Dependencies Update
+
+            This PR updates Go module dependencies to their latest versions.
+
+            ### Changes made:
+            - Updated Go module dependencies via `make update-go-deps`
+            - Regenerated manifests via `make generate manifests`
+            - Applied formatting and linting fixes via `make fmt lint-fix`
+
+            Please review the changes and ensure all tests pass before merging.
+          branch: automated/update-go-deps
+          delete-branch: true
+          labels: |
+            dependencies
+            go
+            automated
+
+      - name: Trigger CI workflows for generated PR
+        if: steps.check_changes.outputs.has_changes == 'true' && steps.create_pr.outputs.pull-request-number
+        run: |
+          curl -X POST \
+            -H "Accept: application/vnd.github.v3+json" \
+            -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+            https://api.github.com/repos/${{ github.repository }}/dispatches \
+            -d '{
+              "event_type": "run-tests-for-generated-pr",
+              "client_payload": {
+                "pr_number": "${{ steps.create_pr.outputs.pull-request-number }}",
+                "pr_head_sha": "${{ steps.create_pr.outputs.pull-request-head-sha }}",
+                "pr_branch": "automated/update-go-deps",
+                "trigger_source": "update-go-deps"
+              }
+            }'
+

Makefile

@@ -294,20 +294,32 @@ release: check-release ## Tag and push a release.
 	git tag -a ${REL_TAG} -m ${RELEASE_MSG}
 	git push origin ${REL_TAG}
 
+define update-module-deps
+	echo "Updating $(1) deps"; \
+	cd $(1); \
+	go mod tidy; \
+	for m in $$(go list -mod=readonly -m -f '{{ if and (not .Replace) (not .Indirect) (not .Main)}}{{.Path}}{{end}}' all); do \
+		go get -u $$m; \
+	done; \
+	go mod tidy
+endef
+
 update-go-deps: ## Update Go modules dependencies.
-	@echo "Finding all directories with go.mod files..."
-	@for gomod in $$(find . -name "go.mod" | sort); do \
+	@echo "Updating third_party modules first (deepest to shallowest)..."
+	@for gomod in $$(find ./third_party -name "go.mod" 2>/dev/null | awk '{print length, $$0}' | sort -rn | cut -d' ' -f2-); do \
 		dir=$$(dirname $$gomod); \
-		( \
-		echo "Updating $$dir deps"; \
-		cd $$dir; \
-		go mod tidy; \
-		for m in $$(go list -mod=readonly -m -f '{{ if and (not .Replace) (not .Indirect) (not .Main)}}{{.Path}}{{end}}' all); do \
-			go get -u $$m; \
-		done; \
-		go mod tidy \
-		) \
+		($(call update-module-deps,$$dir)); \
 	done
+	@echo "Updating properties, api, and root modules..."
+	@for dir in ./properties ./api .; do \
+		if [ -f $$dir/go.mod ]; then \
+			($(call update-module-deps,$$dir)); \
+		fi \
+	done
+	@echo "Updating tests/e2e module last..."
+	@if [ -f ./tests/e2e/go.mod ]; then \
+		($(call update-module-deps,./tests/e2e)); \
+	fi
 
 tidy: ## Run go mod tidy in all Go modules.
 	@echo "Finding all directories with go.mod files..."

renovate.json

@@ -14,10 +14,7 @@
     "docker:enableMajor",
     "group:allDigest"
   ],
-  "postUpdateOptions": [
-    "gomodTidy",
-    "gomodUpdateImportPaths"
-  ],
+
   "customManagers": [
     {
       "customType": "regex",
@@ -36,8 +33,8 @@
       "matchManagers": [
         "gomod"
       ],
-      "rangeStrategy": "replace",
-      "description": "Prevent downgrades for all Go modules - only allow upgrades"
+      "enabled": false,
+      "description": "Disable Go module updates - handled by automated workflow: .github/workflows/update-go-deps.yml"
     },
     {
       "matchCategories": [
@@ -52,7 +49,6 @@
         "major"
       ],
       "matchManagers": [
-        "gomod",
         "github-actions",
         "maven",
         "dockerfile",
@@ -70,7 +66,6 @@
         "digest"
       ],
       "matchManagers": [
-        "gomod",
         "github-actions",
         "maven",
         "dockerfile",
@@ -79,11 +74,6 @@
         "helm-values",
         "docker"
       ]
-    },
-    {
-      "matchManagers": ["gomod"],
-      "matchDepTypes": ["indirect"],
-      "enabled": false
     }
   ]
 }