Skip to content

Commit

Permalink
Use dependabot to periodically check for updated actions. (#489)
Browse files Browse the repository at this point in the history 
This is essentially the exact file that GitHub proposes here:

https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot#example-dependabotyml-file-for-github-actions

Adding this file to the repository would simplify the update process of
actions used in the CI.

You might need to additionally enable dependabot for this repository to
actually make this work. You should be able to find that setting on the
"Insights" tab in the "Dependency graph" section.

If it works, the bot will automatically create PRs for CI actions that
are out of date. You can still decide to not merge those PRs. So
everything will still be in your hands.

Potential caveat: This file might need to exist on the default branch of
this repository (i.e., `main`) to actually have an effect.

Signed-off-by: Markus Mützel <markus.muetzel@gmx.de>
  • Loading branch information
@mmuetzel @gardner48
mmuetzel authored and gardner48 committed Jun 20, 2024
1 parent 4b473bd commit 9d92648
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions .github/dependabot.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
version: 2
updates:

- package-ecosystem: "github-actions"
directory: "/"
schedule:
# Check for updates to GitHub Actions every week
interval: "weekly"

0 comments on commit 9d92648

Please sign in to comment.