From d6f5352b48b274172e482f66bd6897cbe5801950 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=BCtzel?= Date: Tue, 21 May 2024 01:47:01 +0200 Subject: [PATCH] Use dependabot to periodically check for updated actions. (#489) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is essentially the exact file that GitHub proposes here: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot#example-dependabotyml-file-for-github-actions Adding this file to the repository would simplify the update process of actions used in the CI. You might need to additionally enable dependabot for this repository to actually make this work. You should be able to find that setting on the "Insights" tab in the "Dependency graph" section. If it works, the bot will automatically create PRs for CI actions that are out of date. You can still decide to not merge those PRs. So everything will still be in your hands. Potential caveat: This file might need to exist on the default branch of this repository (i.e., `main`) to actually have an effect. Signed-off-by: Markus Mützel --- .github/dependabot.yml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..df4d15b35c --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,8 @@ +version: 2 +updates: + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + # Check for updates to GitHub Actions every week + interval: "weekly"