chore: Configure Renovate

[elastic-renovate-prod]

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

---

Detected Package Files

• .buildkite/pipeline.package.mbp.yml (buildkite)
• .buildkite/pipeline.perf-tests.yaml (buildkite)
• .buildkite/pipeline.yml (buildkite)
• dev-tools/e2e/docker-compose.yml (docker-compose)
• dev-tools/integration/docker-compose.yml (docker-compose)
• Dockerfile (dockerfile)
• Dockerfile.build (dockerfile)
• Dockerfile.fips (dockerfile)
• dev-tools/e2e/Dockerfile (dockerfile)
• .github/workflows/add-issues-to-ingest-board.yml (github-actions)
• .github/workflows/backport-active.yml (github-actions)
• .github/workflows/bump-elastic-stack-snapshot.yml (github-actions)
• .github/workflows/bump-golang.yml (github-actions)
• .github/workflows/catalog-info.yml (github-actions)
• .github/workflows/docs-build.yml (github-actions)
• .github/workflows/docs-cleanup.yml (github-actions)
• .github/workflows/elastic-agent-project-board.yml (github-actions)
• .github/workflows/golangci-lint.yml (github-actions)
• .github/workflows/mergify-labels-copier.yml (github-actions)
• .github/workflows/post-dependabot.yml (github-actions)
• .github/workflows/pre-commit.yml (github-actions)
• .github/workflows/qa-labels.yml (github-actions)
• dev-tools/go.mod (gomod)
• go.mod (gomod)
• pkg/api/go.mod (gomod)
• testing/go.mod (gomod)
• dev-tools/cloud/terraform/main.tf (terraform)
• Dockerfile (regex)
• Dockerfile.build (regex)
• Dockerfile.fips (regex)
• Dockerfile (regex)
• .buildkite/pipeline.fleet-server-tests.yaml (regex)
• .buildkite/pipeline.package.mbp.yml (regex)
• .buildkite/pipeline.perf-tests.yaml (regex)
• .buildkite/pipeline.yml (regex)
• docs/developers-guide.md (regex)
• Dockerfile (regex)
• Dockerfile.build (regex)
• Dockerfile.fips (regex)
• Dockerfile (regex)
• .buildkite/pipeline.fleet-server-tests.yaml (regex)
• .buildkite/pipeline.package.mbp.yml (regex)
• .buildkite/pipeline.perf-tests.yaml (regex)
• .buildkite/pipeline.yml (regex)
• docs/developers-guide.md (regex)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding PR is merged
• Chainguard Renovate configuration (https://ela.st/wolfi)
• Renovate configuration to manage containers in docker.elastic.co/ci-agent-images/*. This is included by default and doesn't need to be explicitly pulled in
• Chainguard Renovate configuration (https://ela.st/wolfi)
• Renovate configuration to manage containers in docker.elastic.co/ci-agent-images/*. This is included by default and doesn't need to be explicitly pulled in
• Enable Renovate Dependency Dashboard creation.
• Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
• Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
• Group known monorepo packages together.
• Use curated list of recommended non-monorepo package groupings.
• Apply crowd-sourced package replacement rules.
• Apply crowd-sourced workarounds for known problems with packages.
• Pin Docker digests.
• Pin github-action digests.
• Enable Renovate configuration migration PRs when needed.
• Pin dependency versions for devDependencies.
• Shared Renovate configuration for an out-of-the-box set of defaults for Renovate at Elastic

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

---

What to Expect

With your current configuration, Renovate will create 10 Pull Requests:

chore(deps): pin dependencies

• Schedule: ["at any time"]
• Branch name: renovate/pin-dependencies
• Merge into: main
• Upgrade actions/checkout to 08c6903cd8c0fde910a37f88322edcfb5dd907a8
• Upgrade actions/setup-go to 44694675825211faa026b3c33043df3e48a5fa00
• Upgrade cgr.dev/chainguard/wolfi-base to sha256:ae238a181d95804645919b2671d50ae77477efbfb299544491346e2911125aaf
• Upgrade docker.elastic.co/ci-agent-images/buildkite-junit-annotate to sha256:d8e103cb729cdb4192db977e56610e9ff8e7b76fd6e61363d1354a67d6fb59a0
• Upgrade docker.elastic.co/ci-agent-images/quality-gate-seedling to sha256:7b0db22b903afc6533524ee842bf4a7eec14236e06b016ba9177bc5721f793fd
• Upgrade elastic/oblt-actions to 902cf57b569c29ab1c421e4ef65dbf589d685303
• Upgrade sergeysova/jq-action to a3f0d4ff59cc1dddf023fc0b325dd75b10deec58

chore(deps): pin docker.elastic.co/wolfi/chainguard-base-fips docker tag to 3265e43

• Schedule: ["at any time"]
• Branch name: renovate/wolfi-versioned
• Merge into: main
• Upgrade docker.elastic.co/wolfi/chainguard-base-fips to sha256:3265e43843c2c8ad842dacd792a44a518e7e73a7d3eec2112bd9b55a19ade88d

fix(deps): update github.com/elastic/fleet-server/pkg/api digest to 3ace395

• Schedule: ["at any time"]
• Branch name: renovate/github.com-elastic-fleet-server-pkg-api-digest
• Merge into: main
• Upgrade github.com/elastic/fleet-server/pkg/api to 3ace39515666

chore(deps): update buildkite plugin elastic/vault-docker-login to v0.6.1

• Schedule: ["at any time"]
• Branch name: renovate/elastic-vault-docker-login-0.x
• Merge into: main
• Upgrade elastic/vault-docker-login to v0.6.1

chore(deps): update docker.elastic.co/ci-agent-images/quality-gate-seedling docker tag to v0.0.5

• Schedule: ["at any time"]
• Branch name: renovate/docker.elastic.co-ci-agent-images-quality-gate-seedling-0.x
• Merge into: main
• Upgrade docker.elastic.co/ci-agent-images/quality-gate-seedling to sha256:a7b2991056eb3f6865a8afccc7f980dba0c65aaf5a4c70d3b4795dab0100b138

chore(deps): update buildkite plugin elastic/oblt-google-auth to v1.3.0

• Schedule: ["at any time"]
• Branch name: renovate/elastic-oblt-google-auth-1.x
• Merge into: main
• Upgrade elastic/oblt-google-auth to v1.3.0

fix(deps): update module github.com/elastic/fleet-server/v7 to v7.17.29

• Schedule: ["at any time"]
• Branch name: renovate/github.com-elastic-fleet-server-v7-7.x
• Merge into: main
• Upgrade github.com/elastic/fleet-server/v7 to eeff149fb5eb9b0a93f40f9d1d26022d1f4c632e

fix(deps): update module github.com/cenkalti/backoff/v4 to v5

• Schedule: ["at any time"]
• Branch name: renovate/github.com-cenkalti-backoff-v4-5.x
• Merge into: main
• Upgrade github.com/cenkalti/backoff/v4 to v5.0.3

fix(deps): update module github.com/dgraph-io/ristretto to v2

• Schedule: ["at any time"]
• Branch name: renovate/github.com-dgraph-io-ristretto-2.x
• Merge into: main
• Upgrade github.com/dgraph-io/ristretto to v2.3.0

fix(deps): update module github.com/elastic/go-elasticsearch/v8 to v9

• Schedule: ["at any time"]
• Branch name: renovate/github.com-elastic-go-elasticsearch-v8-9.x
• Merge into: main
• Upgrade github.com/elastic/go-elasticsearch/v8 to v9.2.0

🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prhourlylimit for details.

---

Warning

Please correct - or verify that you can safely ignore - these dependency lookup failures before you merge this PR.

• Failed to look up docker package docker.elastic.co/fleet-server/fleet-server

Files affected: docs/developers-guide.md

---

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

---

This PR has been generated by Renovate Bot.

[prodsecmachine]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Licenses	0	0	0	0	0 issues
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[mergify]

This pull request does not have a backport label. Could you fix it @elastic-renovate-prod[bot]? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-./d./d is the label to automatically backport to the 8./d branch. /d is the digit
• backport-active-all is the label that automatically backports to all active branches.
• backport-active-8 is the label that automatically backports to all active minor branches for the 8 major.
• backport-active-9 is the label that automatically backports to all active minor branches for the 9 major.

[ebeahan]

Suspecting this was kicked off unintentionally by a change outside this repo.

I'll leave open for a couple of days. If no one claims, I'll close it.