feat: emit the renovate report as a build artifact from renovate job

In future, this report may be useful for vulnerability management, for
example.

renovate-bot.yml

@@ -103,12 +103,15 @@ renovate_bot:
     GIT_STRATEGY: none # renovate will run it's own clone
   script:
     - 'echo "Note: RENOVATE_GITLAB_TOKEN secret configured via $RENOVATE_BOT_AUTH_SOURCE"'
+    - mkdir -p report/
     - npx renovate --token "${RENOVATE_GITLAB_TOKEN}"
       --platform gitlab
       --cache-dir "${CI_PROJECT_DIR}/renovate-cache"
       --allowed-post-upgrade-commands '[".*"]'
       --allow-scripts true
       --ignore-scripts false
+      --report-type file
+      --report-path report/renovate-report.json
       --allow-post-upgrade-command-templating true
       --expose-all-env true
       --detect-host-rules-from-env true
@@ -126,6 +129,14 @@ renovate_bot:
     key: renovate-cache
     paths:
       - renovate-cache
+  artifacts:
+    expose_as: "Renovate Report"
+    name: "renovate-report.json"
+    paths:
+      - report/renovate-report.json
+    expire_in: 1 week
+    access: 'developer'
+    when: always
 # Sometimes we want to ignore any renovate schedules and
 # create an MR immediately.
@@ -136,7 +147,7 @@ renovate_bot_immediate:
     - .renovate_bot_auth_config  # Configure vault or variables, from internal/renovate-bot/*
   script:
     - 'echo "Note: RENOVATE_GITLAB_TOKEN secret configured via $RENOVATE_BOT_AUTH_SOURCE"'
-
+    - mkdir -p report/
     # Note: renovate immmediate doesn't use a cache to avoid stale updates
     - npx renovate --token "${RENOVATE_GITLAB_TOKEN}"
       --platform gitlab
@@ -148,9 +159,19 @@ renovate_bot_immediate:
       --allow-scripts true
       --rebase-when behind-base-branch
       --ignore-scripts false
+      --report-type file
+      --report-path report/renovate-report.json
       --schedule "at any time"
       ${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}
   rules:
     - if: "$RENOVATE_IMMEDIATE"
       exists:
         - renovate.json
+  artifacts:
+    expose_as: "Renovate Report"
+    name: "renovate-report.json"
+    paths:
+      - report/renovate-report.json
+    expire_in: 1 week
+    access: 'developer'
+    when: always

renovate-common.json

@@ -349,21 +349,21 @@
       "description": "Add labels for MAJOR semver releases",
       "matchUpdateTypes": "major",
       "addLabels": [
-        "dependency::major"
+        "dependency-type::major"
       ]
     },
     {
       "description": "Add labels for MINOR semver releases",
       "matchUpdateTypes": "minor",
       "addLabels": [
-        "dependency::minor"
+        "dependency-type::minor"
       ]
     },
     {
       "description": "Add labels for PATCH semver releases",
       "matchUpdateTypes": "patch",
       "addLabels": [
-        "dependency::patch"
+        "dependency-type::patch"
       ]
     }
   ],