chore: enable Dependabot for automated dependency updates (#1498)

## Summary

- Add `.github/dependabot.yml` to automatically create PRs for outdated
and vulnerable dependencies across all ecosystems in the repo
- Covers GitHub Actions, Go modules, Python (pip), npm, and Docker base
images
- Groups minor/patch updates per ecosystem to reduce PR noise

## Ecosystems Configured

| Ecosystem | Directory | Reviewers |
|-----------|-----------|-----------|
| `github-actions` | `/` | @EItanya @peterj @ilackarms @yuval-k |
| `gomod` | `/go` | @EItanya @ilackarms @yuval-k |
| `pip` | `/python` | @EItanya @peterj @yuval-k |
| `npm` | `/ui` | @peterj |
| `docker` | `/go` | @EItanya @ilackarms @yuval-k |
| `docker` | `/python` | @EItanya @peterj @yuval-k |
| `docker` | `/ui` | @peterj |
| `docker` | `/docker/skills-init` | @EItanya @ilackarms @yuval-k |

## Configuration Details

- **Schedule:** Weekly (Monday) for all ecosystems
- **Grouping:** Minor + patch updates grouped together per ecosystem
- **PR limit:** 10 open PRs per ecosystem
- **Labels:** `dependencies` on all PRs
- **Commit prefix:** `chore(deps):` for consistency with repo
conventions
- **Reviewers:** Assigned per CODEOWNERS

## Verification

After merge:
1. Check **Insights > Dependency graph > Dependabot** tab to confirm all
ecosystems are detected
2. Dependabot should start opening PRs within 24 hours
3. Verify PRs trigger CI checks correctly

## Notes

- The Python `pip` ecosystem entry points at `/python` where the UV
workspace `pyproject.toml` lives. If Dependabot doesn't pick up
sub-packages under `python/packages/`, separate entries can be added in
a follow-up
- GitHub Actions grouping only covers minor/patch — major version bumps
get individual PRs for careful review

Signed-off-by: Jaison Paul <paul.jaison@gmail.com>
Co-authored-by: Eitan Yarmush <eitan.yarmush@solo.io>

Author: jsonmp-k8

.github/dependabot.yml

@@ -0,0 +1,189 @@
+version: 2
+
+updates:
+  # GitHub Actions — keep CI workflows up to date
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 10
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore(deps):"
+    reviewers:
+      - "EItanya"
+      - "peterj"
+      - "ilackarms"
+      - "yuval-k"
+    groups:
+      actions:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+
+  # Go modules
+  - package-ecosystem: "gomod"
+    directory: "/go"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 10
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore(deps):"
+    reviewers:
+      - "EItanya"
+      - "ilackarms"
+      - "yuval-k"
+    groups:
+      go-minor-patch:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+
+  # Python (uv) — workspace root and all packages
+  - package-ecosystem: "uv"
+    directories:
+      - "/python"
+      - "/python/packages/kagent-adk"
+      - "/python/packages/kagent-core"
+      - "/python/packages/kagent-skills"
+      - "/python/packages/kagent-crewai"
+      - "/python/packages/kagent-langgraph"
+      - "/python/packages/kagent-openai"
+      - "/python/packages/agentsts-core"
+      - "/python/packages/agentsts-adk"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 10
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore(deps):"
+    reviewers:
+      - "EItanya"
+      - "peterj"
+      - "yuval-k"
+    groups:
+      python-minor-patch:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+
+  # Python (uv) — sample applications
+  - package-ecosystem: "uv"
+    directories:
+      - "/python/samples/adk/basic"
+      - "/python/samples/openai/basic_agent"
+      - "/python/samples/crewai/poem_flow"
+      - "/python/samples/crewai/research-crew"
+      - "/python/samples/langgraph/currency"
+      - "/go/core/test/e2e/agents/kebab"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 5
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore(deps):"
+    reviewers:
+      - "EItanya"
+      - "peterj"
+      - "yuval-k"
+    groups:
+      samples-minor-patch:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+
+  # npm — Next.js UI
+  - package-ecosystem: "npm"
+    directory: "/ui"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 10
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore(deps):"
+    reviewers:
+      - "peterj"
+    groups:
+      npm-minor-patch:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+
+  # Docker — core production images
+  - package-ecosystem: "docker"
+    directories:
+      - "/go"
+      - "/python"
+      - "/ui"
+      - "/docker/skills-init"
+      - "/.devcontainer"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 10
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore(deps):"
+    reviewers:
+      - "EItanya"
+      - "peterj"
+      - "ilackarms"
+      - "yuval-k"
+    groups:
+      docker-minor-patch:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+
+  # Docker — sample and test images
+  - package-ecosystem: "docker"
+    directories:
+      - "/python/samples/adk/basic"
+      - "/python/samples/openai/basic_agent"
+      - "/python/samples/crewai/poem_flow"
+      - "/python/samples/crewai/research-crew"
+      - "/python/samples/langgraph/currency"
+      - "/go/core/test/e2e/agents/kebab"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 5
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore(deps):"
+    reviewers:
+      - "EItanya"
+      - "peterj"
+      - "yuval-k"
+    groups:
+      docker-samples-minor-patch:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"