
ADR-036: Automated dependency updates with Dependabot and custom workflows

Category: development
Provenance: human

Decision

Use Dependabot for Python and GitHub Actions dependencies. Use a custom GitHub Actions workflow to bump the operator image tag in the Helm chart's values.yaml when new operator versions are released.

Rationale

Dependabot automates dependency updates for Python packages and GitHub Actions, reducing security vulnerabilities and keeping dependencies current. Automatic PRs make updates visible and reviewable. A custom workflow for the Helm values ensures the charts reference the correct operator versions without manual updates. This separates concerns: Dependabot handles general dependencies, and the custom workflow handles the operator-chart coupling.

Agent Instructions

Configure Dependabot for Python dependencies (pyproject.toml) and GitHub Actions workflows. Maintain a separate workflow that updates charts/keycloak-*/values.yaml with the new operator image tag whenever an operator release is created. Review and merge Dependabot PRs regularly.
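One way the chart-bump step of the separate workflow could be scripted, shown as an added example and not the project's own workflow code. The `operator.image.tag` layout of values.yaml, the `bump_operator_tag` helper and the `RELEASE_TAG` variable are assumptions; the release tag is treated as untrusted input and validated before it is written to a file.

```shell
#!/bin/sh
# Added example: bump the operator image tag in Helm values files.
# Assumed layout (hypothetical, not taken from the project's charts):
#   operator:
#     image:
#       tag: "1.2.3"
# In a workflow step, pass the tag through env: (assumed name RELEASE_TAG)
# instead of expanding it inline in the script, then call:
#   bump_operator_tag "$RELEASE_TAG" charts/keycloak-*/values.yaml

# bump_operator_tag NEW_TAG FILE...
# Returns 0 on success, 2 for a rejected tag, 3 if a file has no operator tag.
bump_operator_tag() {
  bot_tag=$1; shift
  # Allow a strict character set first, then require a semver shape
  # (optional "v" prefix, optional pre-release suffix).
  case $bot_tag in
    ''|*[!0-9A-Za-z.-]*) echo "rejected tag" >&2; return 2 ;;
  esac
  printf '%s\n' "$bot_tag" |
    grep -Eq '^v?[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.]+)?$' ||
    { echo "rejected tag" >&2; return 2; }

  for bot_file in "$@"; do
    bot_tmp=$(mktemp) || return 1
    # Rewrite only the first "tag:" inside the top-level "operator:" block.
    NEW_TAG=$bot_tag awk '
      /^[^ #]/ { in_op = ($0 ~ /^operator:/) }
      in_op && !done && /^ +tag:/ {
        sub(/tag:.*/, "tag: \"" ENVIRON["NEW_TAG"] "\""); done = 1
      }
      { print }
      END { exit !done }
    ' "$bot_file" > "$bot_tmp" ||
      { rm -f "$bot_tmp"; echo "no operator tag in $bot_file" >&2; return 3; }
    cat "$bot_tmp" > "$bot_file" && rm -f "$bot_tmp"
  done
}

# Constructed sample values.yaml for trying the function locally.
sample_values() {
  cat <<'EOF'
image:
  tag: "26.0.0"
operator:
  image:
    repository: example.invalid/keycloak-operator
    tag: "0.1.0"
EOF
}
```

A file without an operator tag is left unmodified and reported, so the workflow fails visibly instead of opening an empty or partial PR.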

Rejected Alternatives

Manual dependency updates

Error-prone, easy to miss security updates, consumes developer time.

Renovate or other dependency bots

Dependabot is GitHub-native and needs no additional setup. It is sufficient for the project's needs.