What does this PR do?

• Run on Saturdays, a few hours after VM images are produced.
• Create PRs per active branch instead of using the backport labels.
• Use slack composite action.
• Notify the robots team if something goes wrong with the GH actions.
• Enable auto approval and auto-merge with Mergify [Need to configure the branch protections accordingly]

Why is it important?

A follow-up from #8211

Checklist

• I have read and understood the pull request guidelines of this project.
• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in ./changelog/fragments using the changelog tool
• I have added an integration test or an E2E test

Disruptive User Impact

How to test this PR locally

$ GITHUB_TOKEN=$(gh auth token) \
  GITHUB_ACTOR=v1v \
  BRANCH_NAME=main updatecli apply \
    --config .ci/updatecli/updatecli-bump-vm-images.yml \
    --values .ci/updatecli/values.d/scm.yml

Produced v1v#7

Then I targeted a different branch

$ GITHUB_TOKEN=$(gh auth token) \
  GITHUB_ACTOR=v1v \
  BRANCH_NAME=main updatecli apply \
    --config .ci/updatecli/updatecli-bump-vm-images.yml \
    --values .ci/updatecli/values.d/scm.yml

Produced v1v#8

Related issues

Questions to ask yourself

• How are we going to support this in production?
• How are we going to measure its adoption?
• How are we going to debug this?
• What are the metrics I should take care of?
• ...