Adjust handling of GH action dependencies for CI/CD partnership

[trmartin4]

🎟️ Tracking

bitwarden.atlassian.net/browse/PM-14640

📔 Objective

Analog to bitwarden/clients#12818 on the clients repo.

As we have started to share ownership of our build pipelines between BRE and Platform, BRE no longer owns all of the github-action-managed dependencies. The current renovate.json results in misleading PR titles like bitwarden/clients#12706.

This PR does the following:

• Removes the addition of the BRE prefix for all github-action dependencies. It is left for dockerfile and docker-compose managers as those are owned by BRE.
• Removes patch updates from the scope of PR creation.

❓ What will upcoming PRs look like?

• Patch updates will be ignored
• Minor workflow dependency updates will be grouped into a single PR, with no team-specific prefix, with the PR reviewer(s) determined by who owns the workflow files in which the dependencies are used (e.g. Platform would need to review build/lint/test workflows, BRE would need to review deploy/publish workflows).
  • 🤔 Note that we can do this since the workflow files have explicit CODEOWNERs defined, whereas other dependencies are updated in package.json which doesn't have an owner, so we have to assign the ownership in renovate.json.
• Major workflow updates will be handled independently with PRs for each, with no team-specific prefix with the PR reviewer(s) determined by who owns the workflow files in which the dependencies are used

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 44.02%. Comparing base (ed14f28) to head (307eb6f).
Report is 3 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #5274   +/-   ##
=======================================
  Coverage   44.02%   44.02%           
=======================================
  Files        1476     1476           
  Lines       68291    68291           
  Branches     6175     6175           
=======================================
  Hits        30065    30065           
  Misses      36919    36919           
  Partials     1307     1307           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[withinfocus]

ℹ️ This is "github action dependencies" on bitwarden/clients#12818.

[trmartin4]

I feel like that github-action minor is actually more descriptive and was going to raise a PR to update the description on clients, since I think this will be the title of the resulting PR (and thus the naming has implications to clarity in the future). Do you have a preference?

[withinfocus]

I like this more, it just wasn't merged yet. Consistency would be great, and you could update the template repo to match.

[trmartin4]

👍 Will do!

[trmartin4]

I updated the clients to match with bitwarden/clients#12896.

[github-actions]

Checkmarx One – Scan Summary & Details – 4835155d-dac1-4b99-bfe0-045ac5856c09

Great job, no security vulnerabilities found in this Pull Request