Add semi-automated Alpine base image update workflow

[Claude]

Implements automated detection and PR creation for Alpine Linux major/minor version updates while preserving existing Renovate bot package management.

Changes

New Workflow (.github/workflows/update-alpine.yml)

• Daily check at 6:00 UTC for new Alpine major/minor versions via Docker Hub API
• Auto-creates branch alpine/update-to-X.Y.Z from dev when new version detected
• Updates Dockerfile base image references (FROM alpine:X.Y.Z)
• Updates all package repository prefixes (alpine_3_22/ → alpine_3_23/)
• Creates PR with detailed testing checklist
• Manual workflow_dispatch trigger available

Renovate Configuration (renovate.json)

• Added explicit rule: Alpine patch updates → auto-merge enabled
• Added explicit rule: Alpine minor/major updates → auto-merge disabled
• Prevents conflict between GitHub Actions workflow and Renovate bot
• Existing package update behavior unchanged

Documentation (README.md)

• New "Automated Dependency Management" section
• Documents workflow operation and Renovate integration
• Clarifies manual review requirements

Workflow Integration

Alpine 3.23 released
  ↓
Daily workflow detects new version
  ↓
PR created: alpine/update-to-3.23.0
  ↓
CI tests run automatically (test-pr.yml)
  ↓
Manual review & merge
  ↓
Renovate creates follow-up PRs for package updates

All requirements satisfied:

• ✅ Triggers on Alpine minor/major version updates
• ✅ Existing tests must pass (via test-pr.yml)
• ✅ Creates branch from dev with PR for review
• ✅ Retains Renovate for package version control

[codacy-production]

Not up to standards ⛔

🔴 Issues 1 high

Alerts:
⚠ 1 issue (≤ 0 issues of at least minor severity)

Results:
1 new issue

Category	Results
Security	1 high

View in Codacy

_{TIP This summary will be updated as you push new changes. Give us feedback}