Upgrade pull requests for upstream components/oci images

[dkistner]

What would you like to be added: A mechanism to check periodically for new versions of external/upstream components (e.g. csi-drivers, Istio, cloud-controllers etc.) and integrate them into the managing component (e.g. Gardener, extensions etc.) by proposing an upgrade pull request.

This shall be done in a configurable way for each component.

Why is this needed: We have many components that manage upstream components/oci images. Keeping them up-to-date require constant efforts for the maintainers of the managing components. To ease this a bit it would be helpful to have a mechanism that proposes upgrade pull requests for new versions of the upstream components.

For each component it should be possible to define a strategy e.g. integrate only patches and minors or only patches etc.

As not all upstream components are consistently versioned in a Semver compatible way so this approach might not work for all upstream components.

One way to achieve this could be by relying on Github releases as we know via the sourceRepository field in the images.yaml [1, 2] already the repo of the upstream repo and could fetch the information there (of course only if releases are maintained).

After a chat/talk with @ccwienk and @AndreasBurger it seems that we have already a lot of the required functionally in place ref, but it is currently based on the OCM component model only which we cannot rely on for upstream components.

cc @kon-angelo, @ScheererJ, @zkdev /area dev-productivity /kind enhancement