updatecli: manage UBI and updatecli versions (#18427)

Author: v1v

.ci/updatecli/values.d/ironbank.yml

@@ -0,0 +1,9 @@
+config:
+  - path: docker/templates
+    dockerfile: IronbankDockerfile.erb
+    manifest: hardening_manifest.yaml.erb
+
+pull_request:
+  labels:
+    - dependencies
+    - backport-active-all

.ci/updatecli/values.d/scm.yml

@@ -1,3 +1,9 @@
 scm:
   owner: elastic
   repository: logstash
+  branch: main
+  commitusingapi: true
+  # begin updatecli-compose policy values
+  user: 'github-actions[bot]'
+  email: '41898282+github-actions[bot]@users.noreply.github.com'
+  # end updatecli-compose policy values

.ci/updatecli/values.d/updatecli.yml

@@ -0,0 +1,6 @@
+path: .updatecli-version
+
+pull_request:
+  labels:
+    - dependencies
+    - backport-skip

.github/workflows/update-compose.yml

@@ -0,0 +1,45 @@
+---
+name: update-compose
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 6 * * 1'
+
+permissions:
+  contents: read
+
+jobs:
+  compose:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+      packages: read
+    steps:
+      - uses: actions/checkout@v5
+
+      - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: elastic/oblt-actions/updatecli/run@v1
+        with:
+          command: compose diff
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: elastic/oblt-actions/updatecli/run@v1
+        with:
+          command: compose apply
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - if: ${{ failure()  }}
+        uses: elastic/oblt-actions/slack/send@v1
+        with:
+          channel-id: '#logstash-build'
+          message: ":traffic_cone: updatecli failed for `${{ github.repository }}@${{ github.ref_name }}`, @robots-ci please look what's going on <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>"
+          bot-token: ${{ secrets.SLACK_BOT_TOKEN }}

updatecli-compose.yaml

@@ -0,0 +1,17 @@
+# Config file for `updatecli compose ...`.
+# https://www.updatecli.io/docs/core/compose/
+policies:
+  - name: Handle ironbank bumps
+    policy: ghcr.io/elastic/oblt-updatecli-policies/ironbank/templates:0.5.3@sha256:1d5b2f8ca1c141ebe0368d39ec1cdf8bc32662795a21416907eb02b8bf40d890
+    values:
+      - .ci/updatecli/values.d/scm.yml
+      - .ci/updatecli/values.d/ironbank.yml
+  - name: Handle updatecli bumps
+    policy: ghcr.io/elastic/oblt-updatecli-policies/updatecli/version:0.2.0@sha256:013a37ddcdb627c46e7cba6fb9d1d7bc144584fa9063843ae7ee0f6ef26b4bea
+    values:
+      - .ci/updatecli/values.d/scm.yml
+      - .ci/updatecli/values.d/updatecli.yml
+  - name: Update Updatecli policies
+    policy: ghcr.io/updatecli/policies/autodiscovery/updatecli:0.9.1@sha256:5bbca67a9e31bf5432d5cae1452b9fc770014151ddd856f367ccb9ba46f6f8bb
+    values:
+      - .ci/updatecli/values.d/scm.yml