normalize dependabot with consistent formatting and explicit schedule #7400

Merged
karmada-bot merged 1 commit into karmada-io:master from RainbowMango:pr_config_dependabot_for_gomod
Apr 22, 2026

RainbowMango (Member) commented Apr 16, 2026

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

This pull request updates the Dependabot configuration to specify the exact day, time, and timezone for automated dependency checks. Now, all scheduled updates will consistently run every Monday at 00:00 UTC.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:
I'm hesitant to let Dependabot manage the Go dependencies, as most of them are shared with Kubernetes dependencies, and bumping them might break compatibility.
So, this PR only formats the configuration and sets an explicit schedule.

Does this PR introduce a user-facing change?:

NONE

Copilot AI review requested due to automatic review settings April 16, 2026 11:54
@karmada-bot karmada-bot added the kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. label Apr 16, 2026
@karmada-bot karmada-bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Apr 16, 2026
@gemini-code-assist

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request refines the project's automated dependency management strategy. By standardizing the update schedule across all ecosystems and introducing support for Go modules, the changes ensure more predictable and manageable dependency updates while safeguarding against potentially disruptive changes in core Kubernetes libraries.

Highlights

  • Standardized Scheduling: Updated all package ecosystems to run dependency checks every Monday at 00:00 UTC for consistent maintenance.
  • Go Module Support: Enabled Dependabot for the gomod ecosystem with vendor support enabled.
  • Dependency Filtering: Added explicit ignore rules for Kubernetes-related dependencies to prevent automated updates that may cause breaking changes.

Copilot AI (Contributor) left a comment

Pull request overview

Updates the repository’s Dependabot configuration to run dependency update checks on a consistent weekly cadence and to start tracking Go module updates (with exclusions for Kubernetes-related modules).

Changes:

  • Standardized github-actions and docker Dependabot schedules to run weekly on Mondays at 00:00 UTC.
  • Added gomod Dependabot updates for the repo root with vendor: true.
  • Added ignore rules for Kubernetes-related Go modules (k8s.io/*, sigs.k8s.io/*).

Comment thread .github/dependabot.yml Outdated
gemini-code-assist Bot left a comment

Code Review

This pull request standardizes Dependabot update schedules to Mondays at 00:00 UTC and introduces the gomod package ecosystem with exclusions for Kubernetes-related dependencies. Feedback suggests reordering the configuration to group identical package ecosystems together for better readability and maintainability.

Comment thread .github/dependabot.yml
@RainbowMango RainbowMango force-pushed the pr_config_dependabot_for_gomod branch 2 times, most recently from e1c8d20 to 73f7785 Compare April 16, 2026 12:08
codecov-commenter commented Apr 16, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 42.17%. Comparing base (8fbab15) to head (93c28e7).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #7400   +/-   ##
=======================================
  Coverage   42.16%   42.17%           
=======================================
  Files         875      875           
  Lines       53618    53618           
=======================================
+ Hits        22610    22612    +2     
+ Misses      29309    29308    -1     
+ Partials     1699     1698    -1     
Flag Coverage Δ
unittests 42.17% <ø> (+<0.01%) ⬆️

Copilot AI (Contributor) left a comment

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.


RainbowMango (Member, Author) commented

/hold
Hope to ignore dependencies that are required by Kubernetes.

@karmada-bot karmada-bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 17, 2026
Signed-off-by: RainbowMango <qdurenhongcai@gmail.com>
Copilot AI (Contributor) left a comment

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.


Comment thread .github/dependabot.yml
@RainbowMango RainbowMango changed the title Enable dependabot for go dependencies update normalize dependabot configuration with consistent formatting and explicit schedule Apr 20, 2026
@RainbowMango RainbowMango changed the title normalize dependabot configuration with consistent formatting and explicit schedule normalize dependabot with consistent formatting and explicit schedule Apr 20, 2026
RainbowMango (Member, Author) commented

/hold cancel
I'm hesitant to let Dependabot manage the Go dependencies, as most of them are shared with Kubernetes dependencies, and bumping them might break compatibility.
So, this PR only formats the configuration and sets an explicit schedule.
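
An added illustration of the outcome discussed in this thread, not the repository's actual `.github/dependabot.yml`: each ecosystem gets an explicit weekly schedule (Monday, 00:00 UTC), and the `gomod` entry with Kubernetes ignore rules that the review summaries describe is shown commented out, since it was not kept. The `directory` values are assumptions.

```yaml
# Added example; not the project's real configuration.
# "directory" values are assumptions for illustration.
version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"        # explicit day instead of relying on a default
      time: "00:00"        # explicit time, interpreted in the timezone below
      timezone: "Etc/UTC"

  - package-ecosystem: "docker"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "00:00"
      timezone: "Etc/UTC"

  # Variant described in the review summaries but not kept in this PR:
  # Go modules with vendoring, skipping modules shared with Kubernetes
  # so that automated bumps cannot break compatibility.
  # - package-ecosystem: "gomod"
  #   directory: "/"
  #   vendor: true
  #   schedule:
  #     interval: "weekly"
  #     day: "monday"
  #     time: "00:00"
  #     timezone: "Etc/UTC"
  #   ignore:
  #     - dependency-name: "k8s.io/*"
  #     - dependency-name: "sigs.k8s.io/*"
```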

@karmada-bot karmada-bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 20, 2026
RainbowMango (Member, Author) commented

Try friendly ping @liangyuanpeng as the bot recommends you for approval. :)

@RainbowMango RainbowMango added approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. labels Apr 22, 2026
karmada-bot (Contributor) commented

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.


@karmada-bot karmada-bot merged commit 774db9b into karmada-io:master Apr 22, 2026
22 checks passed