Ignore elastic/sarama in Dependabot to prevent path mismatch errors

[Copilot]

What does this PR do?

Adds github.com/elastic/sarama to the Dependabot ignore list in .github/dependabot.yml to prevent go_module_path_mismatch errors when Dependabot attempts to update this dependency.

The elastic/sarama fork is maintained by Elastic with custom patches based on Shopify/sarama. The dependency is kept at version v1.19.1-0.20250603175145-7672917f26b6 and managed manually to avoid automated update issues.

Why is it important?

Prevents Dependabot from encountering path mismatch errors when attempting to update the elastic/sarama fork, while allowing the dependency to be managed manually at the required version. This unblocks Dependabot operations for other dependencies.

See https://github.com/elastic/elastic-agent/network/updates/1175474681 and https://github.com/elastic/elastic-agent/actions/runs/19975897958/job/57291878855#step:3:11423

+---------------------------------------------------------------------------+
|                    Changes to Dependabot Pull Requests                    |
+---------+-----------------------------------------------------------------+
| created | github.com/elastic/elastic-agent-libs ( from 0.27.0 to 0.28.0 ) |
+---------+-----------------------------------------------------------------+
Dependabot encountered '1' error(s) during execution, please check the logs for more details.
+---------------------------------------------------------------------------------------------------------+
|                                      Dependencies failed to update                                      |
+---------------------------+-------------------------+---------------------------------------------------+
| Dependency                | Error Type              | Error Details                                     |
+---------------------------+-------------------------+---------------------------------------------------+
| github.com/elastic/sarama | go_module_path_mismatch | {                                                 |
|                           |                         |   "declared-path": "downloading",                 |
|                           |                         |   "discovered-path": "github.com/Shopify/sarama", |
|                           |                         |   "go-mod": "go.mod"                              |
|                           |                         | }                                                 |
+---------------------------+-------------------------+---------------------------------------------------+
Failure running container 09761da2255b13fca53b166abc500bd9c4cd9c3112e29d2b983abd3c47323c33: Error: Command failed with exit code 1: /bin/sh -c $DEPENDABOT_HOME/dependabot-updater/bin/run update_files
  proxy | 2025/12/05 21:04:58 Posting metrics to remote API endpoint
  proxy | 2025/12/05 21:04:58 Successfully posted metrics data via api client
Cleaned up container 09761da2255b13fca53b166abc500bd9c4cd9c3112e29d2b983abd3c47323c33
  proxy | 2025/12/05 21:05:02 113/4885 calls cached (2%)

Checklist

• I have read and understood the pull request guidelines of this project.
• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in ./changelog/fragments using the changelog tool
• I have added an integration test or an E2E test

Disruptive User Impact

None. The change only affects Dependabot configuration and does not impact runtime behavior or dependency resolution.

How to test this PR locally

go mod verify
go list -m github.com/elastic/sarama  # Should show: v1.19.1-0.20250603175145-7672917f26b6

Verify that Dependabot no longer attempts to update github.com/elastic/sarama in future automated runs.

Related issues

Questions to ask yourself

• How are we going to support this in production? — No production impact; Dependabot configuration only.
• How are we going to measure its adoption? — Dependabot will no longer attempt to update elastic/sarama.
• How are we going to debug this? — The dependency version remains explicitly defined in go.mod.

Original prompt

Field Value
@timestamp Dec 4, 2025 @ 22:03:43.000000000
labels.github_repository elastic/elastic-agent
message Dependabot encountered an error performing the updateError: The updater encountered one or more errors.For more information see: https://github.com/elastic/elastic-agent/network/updates/1174478529 (write access to the repository is required to view the log)
labels.github_workflow_run_html_url https://api.github.com/repos/elastic/elastic-agent/actions/runs/19943821669

Dependabot encountered '1' error(s) during execution, please check the logs for more details.
+---------------------------------------------------------------------------------------------------------+
| Dependencies failed to update |
+---------------------------+-------------------------+---------------------------------------------------+
| Dependency | Error Type | Error Details |
+---------------------------+-------------------------+---------------------------------------------------+
| github.com/elastic/sarama | go_module_path_mismatch | { |
| | | "declared-path": "downloading", |
| | | "discovered-path": "github.com/Shopify/sarama", |
| | | "go-mod": "go.mod" |
| | | } |
+---------------------------+-------------------------+---------------------------------------------------+
Failure running container 4b528aef85792d55a119fda031c638f2e6420eda83e7abb0627047cbb442f246: Error: Command failed with exit code 1: /bin/sh -c $DEPENDABOT_HOME/dependabot-updater/bin/run update_files
Cleaned up container 4b528aef85792d55a119fda031c638f2e6420eda83e7abb0627047cbb442f246
proxy | 2025/12/04 21:03:40 84/1500 calls cached (5%)
2025/12/04 21:03:40 Posting metrics to remote API endpoint
proxy | 2025/12/04 21:03:40 Successfully posted metrics data via api client

Find the logs at https://github.com/elastic/elastic-agent/actions/runs/19943821669/job/57188192902

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[mergify]

This pull request does not have a backport label. Could you fix it @Copilot? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-./d./d is the label that automatically backports to the 8./d branch. /d is the digit
• backport-active-all is the label that automatically backports to all active branches.
• backport-active-8 is the label that automatically backports to all active minor branches for the 8 major.
• backport-active-9 is the label that automatically backports to all active minor branches for the 9 major.

[v1v]

@copilot In this case, I want to keep the version as already defined, github.com/elastic/sarama v1.19.1-0.20250603175145-7672917f26b6 , instead of using the IBM/sarama one

[Copilot]

@copilot In this case, I want to keep the version as already defined, github.com/elastic/sarama v1.19.1-0.20250603175145-7672917f26b6 , instead of using the IBM/sarama one

Reverted the replace directive in commit 69bbb1d. The elastic/sarama version v1.19.1-0.20250603175145-7672917f26b6 is now kept as originally defined, without any redirection to IBM/sarama.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/elastic/sarama/branches
  • Triggering command: /usr/bin/curl curl -s REDACTED (http block)
• https://api.github.com/repos/elastic/sarama/commits/7672917f26b6112627457d6bd1736a8636449c5b
  • Triggering command: /usr/bin/curl curl -s REDACTED (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[v1v]

buildkite test this

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 9120436

cc @v1v @copilot