Dependabot no longer working well for go dependencies

[robscott]

What happened: PRs opened by dependabot do not appear to be running go mod tidy and are failing our presubmits.

What you expected to happen: PR opened by dependabot to pass our presubmits.

Anything else we need to know?: Not sure what the solution is here, maybe it's just better dependabot config, or maybe we should look into an alternative like renovate that appears to have a few more configuration options here. With that said, I can't find any prior art for running renovate with k8s projects, so it's probably safest to stick with dependabot if we can get it to work.

[jongwooo]

Can I work on this issue? I think adding few settings to the dependabot.yml might fix it.

[jongwooo]

Currently, the dependabot.yml is only tracking for the directory /. I think adding few settings for the directories(where go.mod is located) gwctl/ and conformance/echo-basic/ might fix this. Ref: https://github.com/stackrox/stackrox/blob/master/.github/dependabot.yaml#L40-L156

[youngnick]

/assign @jongwooo

Sounds great, feel free to make a PR!

[jongwooo]

Still same problem in #2789

[robscott]

Still same problem in #2789

😢 reopening this for now, though #2786 was still very helpful for other reasons. Open to other potential fixes for this particular problem.

[sunjayBhatia]

the issue looks like it is due to there being multiple modules in the repo and the update order in the case of #2789 between the different modules, the gwctl module on the PR branch has an older version of the k8s.io deps than the PR is updating the main module to

[sunjayBhatia]

I don't have the right permissions but looks like a dependabot rebase should fix the issue at hand in https://github.com/kubernetes-sigs/gateway-api/pull/2789

[dprotaso]

I wonder if dropping the replace block in gwctl's go.mod would help. That replace block also prevents people from installing it with go install.

I wonder if this is those niche scenarios were commiting a go.work file makes sense

[robscott]

Unfortunately still failing in #2882

[robscott]

/help

[k8s-ci-robot]

@robscott: This request has been marked as needing help from a contributor.

Guidelines

Please ensure that the issue body includes answers to the following questions:

• Why are we solving this issue?
• To address this issue, are there any code changes? If there are code changes, what needs to be done in the code and what places can the assignee treat as reference points?
• Does this issue have zero to low barrier of entry?
• How can the assignee reach out to you for help?

For more details on the requirements of such an issue, please see here and ensure that they are met.

If this request no longer meets these requirements, the label can be removed by commenting with the /remove-help command.

In response to [this](https://github.com/kubernetes-sigs/gateway-api/issues/2780): >/help Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.