Update go dependencies and introduce renovate

[JetyAdam]

https://issues.redhat.com/browse/RHCLOUD-43451

Summary by Sourcery

Update Go module dependencies and add configuration for automated dependency management.

Build:

• Bump various direct and indirect Go module dependencies to newer patch versions and add new indirect database and testing drivers.
• Introduce a Renovate configuration file to enable automated dependency updates.

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

This PR updates several Go module dependencies and introduces Renovate configuration to automate future dependency management, including adding support for additional database drivers and observability libraries.

Sequence diagram for Renovate creating a dependency update PR

sequenceDiagram
  participant UpstreamRegistry
  participant RenovateBot
  participant Repo
  participant CICD
  participant Maintainer

  UpstreamRegistry->>RenovateBot: Publish new dependency version
  RenovateBot->>RenovateBot: Scheduled run starts
  RenovateBot->>Repo: Fetch renovate.json and go.mod
  RenovateBot->>RenovateBot: Determine required updates
  RenovateBot->>Repo: Create branch and update go.mod and go.sum
  RenovateBot->>Repo: Open pull request
  Repo->>CICD: Trigger CI pipeline
  CICD->>CICD: Run tests and checks
  CICD-->>Repo: Report status on pull request
  Maintainer->>Repo: Review and merge pull request
  Repo-->>CICD: Trigger deployment pipeline

Loading

Flow diagram for Renovate dependency update workflow

flowchart LR
  A["New dependency version released upstream"] --> B["Renovate scheduled run starts"]
  B --> C["Renovate reads renovate.json configuration"]
  C --> D["Renovate scans go.mod and go.sum"]
  D --> E{Matches configured update rules}

  E -- no --> F["No action taken"]

  E -- yes --> G["Renovate updates dependency versions in go.mod and go.sum"]
  G --> H["Renovate opens or updates pull request"]
  H --> I["CI/CD pipeline runs tests and checks"]
  I --> J{CI/CD successful}

  J -- no --> K["Pull request remains open for fixes"]
  J -- yes --> L["Pull request is merged"]
  L --> M["Updated dependencies deployed with application"]

Loading

File-Level Changes

Change	Details	Files
Update Go module dependencies to newer patch versions and add newly required indirect dependencies.	Bump gorm.io/datatypes from v1.2.6 to v1.2.7 Update Prometheus libraries (common, procfs) and xdg-go/scram to newer patch releases Update golang.org/x/crypto and golang.org/x/text to newer patch releases Add new indirect dependencies such as fsnotify, microsoft/go-mssqldb, onsi/gomega, rogpeppe/go-internal, and gorm.io/driver/sqlserver Refresh go.sum to align with the updated go.mod dependency graph	go.mod go.sum
Introduce Renovate configuration to automate dependency update PRs.	Add renovate.json with repository-specific Renovate settings for Go modules and related tooling	renovate.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey there - I've reviewed your changes - here's some feedback:

• There are several newly added indirect requirements (e.g., fsnotify, mssql, gomega, sqlserver); if these are only pulled in transitively you can omit them from go.mod to keep the module definition minimal and rely on go mod tidy to manage them.
• Given the introduction of Renovate, consider encoding any desired dependency grouping or pinning rules (e.g., for all gorm drivers or golang.org/x modules) in renovate.json so that future automated bumps stay consistent with how you intend to manage these libraries.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- There are several newly added indirect requirements (e.g., fsnotify, mssql, gomega, sqlserver); if these are only pulled in transitively you can omit them from go.mod to keep the module definition minimal and rely on `go mod tidy` to manage them.
- Given the introduction of Renovate, consider encoding any desired dependency grouping or pinning rules (e.g., for all gorm drivers or golang.org/x modules) in renovate.json so that future automated bumps stay consistent with how you intend to manage these libraries.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[JetyAdam]

@sourcery-ai I ran go mod tidy to ensure indirects are correctly marked. The Jira ticket specifically requests a single PR for all dependencies to reduce noise, so I am keeping the global grouping rule in renovate.json

Hey there - I've reviewed your changes - here's some feedback:

• There are several newly added indirect requirements (e.g., fsnotify, mssql, gomega, sqlserver); if these are only pulled in transitively you can omit them from go.mod to keep the module definition minimal and rely on go mod tidy to manage them.
• Given the introduction of Renovate, consider encoding any desired dependency grouping or pinning rules (e.g., for all gorm drivers or golang.org/x modules) in renovate.json so that future automated bumps stay consistent with how you intend to manage these libraries.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- There are several newly added indirect requirements (e.g., fsnotify, mssql, gomega, sqlserver); if these are only pulled in transitively you can omit them from go.mod to keep the module definition minimal and rely on `go mod tidy` to manage them.
- Given the introduction of Renovate, consider encoding any desired dependency grouping or pinning rules (e.g., for all gorm drivers or golang.org/x modules) in renovate.json so that future automated bumps stay consistent with how you intend to manage these libraries.

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

[JetyAdam]

/retest

[Hyperkid123]

Only minor and patch please