ci: dependabot prefers requirements.txt (kubeflow#1658)

in /jobs/async-upload we use Poetry pyproject.toml
we also export the dependencies via Poetry export plugin
into requirements.txt for hermetic builds.

Due to the way dependabot works atm however, this leads to PRs from
dependabot which only updates requirements.txt and ignore pyproject.toml
and importantly ignore poetry.lock bumps

We need the opposite. We need to the Dependabot to update our lock file
governed by Poetry, and in second instance we need to (manually) update
the requirements.txt via makefile

Signed-off-by: Matteo Mortari <matteo.mortari@gmail.com>

Author: tarilabs

.github/dependabot.yml

@@ -17,6 +17,8 @@ updates:
       - "/jobs/async-upload"
     schedule:
       interval: "weekly"
+    exclude-paths:
+      - "/jobs/async-upload/requirements.txt"
   - package-ecosystem: "docker"
     directory: "/"
     schedule: