[CI] configure automerge for renovate, use devbox for GHA on build+test (#1047)

* configure automerge for renovate

* GHA is complaining about devbox so update the lock file

* dead link found

* 3 more go vulnerabilities in 1.25.7

Author: AshleyDumaine

.github/workflows/build_test_ci.yml

@@ -48,7 +48,6 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@v2
         with:
-          disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
             api.github.com:443
@@ -75,8 +74,14 @@ jobs:
           go-version-file: 'go.mod'
           check-latest: true
 
+      - name: Install devbox
+        uses: jetify-com/devbox-install-action@v0.14.0
+        with:
+          enable-cache: 'true'
+          refresh-cli: 'false'
+
       - name: Test
-        run: make test
+        run: devbox run make test
 
       - name: Upload coverage reports to Codecov
         uses: codecov/codecov-action@v5

.github/workflows/e2e-test.yaml

@@ -84,7 +84,6 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@v2
         with:
-          disable-sudo: true
           egress-policy: audit
           allowed-endpoints: >
             *:6443
@@ -132,6 +131,12 @@ jobs:
         with:
           key: docker-${{ runner.os }}-${{ hashFiles('go.sum') }}
 
+      - name: Install devbox
+        uses: jetify-com/devbox-install-action@v0.14.0
+        with:
+          enable-cache: 'true'
+          refresh-cli: 'false'
+
       - name: Run E2E Test
         env:
           E2E_FLAGS: ${{ inputs.e2e-flags }}
@@ -143,7 +148,7 @@ jobs:
           LINODE_MACHINE_TYPE: g6-standard-2
           CLUSTERCTL_CONFIG: /home/runner/work/cluster-api-provider-linode/cluster-api-provider-linode/e2e/gha-clusterctl-config.yaml
           LINODE_CLIENT_TIMEOUT: 30
-        run: make e2etest
+        run: devbox run make e2etest
 
       - name: cleanup stale clusters
         if: ${{ always() }}

.github/workflows/pull_request_ci.yaml

@@ -51,7 +51,6 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@v2
         with:
-          disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
             api.github.com:443
@@ -76,8 +75,14 @@ jobs:
           go-version-file: 'go.mod'
           check-latest: true
 
+      - name: Install devbox
+        uses: jetify-com/devbox-install-action@v0.14.0
+        with:
+          enable-cache: 'true'
+          refresh-cli: 'false'
+
       - name: Build
-        run: make build
+        run: devbox run make build
 
       - name: Check for generated diff
         run: make check-gen-diff