## Summary Currently, this project uses [GitLab Renovate](https://gitlab.com/gitlab-org/frontend/renovate-gitlab-bot) for automatic dependency updates (e.g., !424 for golangci-lint). This issue tracks replacing Renovate with [GitLab Duo Flow](https://docs.gitlab.com/ee/user/duo_workflow/) for this use case. ## Background - Renovate automatically creates merge requests when dependencies have new versions available - GitLab Duo Flow is an AI-powered workflow automation tool that can execute tasks autonomously ## Discovery Before implementation, we need to discover if there is an in-house way of doing this properly yet: - [ ] **Talk to the Dependency Scanning team** to understand if there's an existing or planned GitLab-native solution for automatic dependency updates - [ ] Confirm whether Duo Flow is the recommended approach or if another internal tool/feature is in development ## Tasks 1. **Configure Duo Flow** for dependency detection and MR creation 2. **Set up Go module support** for `go.mod` and other dependency files used in this project 3. **Define scheduling** for automated dependency checks 4. **Configure grouping & batching** for related dependency updates 5. **Enable security updates** handling for vulnerability-driven updates 6. **Remove Renovate configuration** once Duo Flow is operational ## Acceptance Criteria - [ ] Duo Flow (or recommended in-house solution) is configured and running for this project - [ ] Automatic dependency update MRs are being created - [ ] Renovate configuration is removed - [ ] Document any differences in workflow or configuration ## References - Current Renovate MR example: !424 - [GitLab Duo Flow documentation](https://docs.gitlab.com/ee/user/duo_workflow/)