From 692b3dfd144c2dea2ac07b1298d1422877af89c5 Mon Sep 17 00:00:00 2001
From: per1234
Date: Wed, 4 Aug 2021 20:30:29 -0700
Subject: [PATCH 1/3] Configure Dependabot to check for outdated actions used in workflows

Dependabot will periodically check the versions of all actions used in the repository's workflows. If any are found to be outdated, it will submit a pull request to update them. NOTE: Dependabot's PRs will occasionally propose to pin to the patch version of the action (e.g., updating `uses: foo/bar@v1` to `uses: foo/bar@v2.3.4`). When the action author has provided a major version ref, use that instead (e.g., `uses: foo/bar@v2`). Dependabot will automatically close its PR once the workflow has been updated. More information: https://docs.github.com/en/github/administering-a-repository/keeping-your-actions-up-to-date-with-dependabot
---
 .github/dependabot.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..f2bfa7243
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,13 @@
+# See: https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#about-the-dependabotyml-file
+version: 2
+
+updates:
+ # Configure check for outdated GitHub Actions actions in workflows.
+ # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/dependabot/README.md
+ # See: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-actions-up-to-date-with-dependabot
+ - package-ecosystem: github-actions
+ directory: / # Check the repository's workflows under /.github/workflows/
+ schedule:
+ interval: daily
+ labels:
+ - "topic: infrastructure"
From 81be80c53f5b14ed118fa0041c708f1ba3336b64 Mon Sep 17 00:00:00 2001
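Review bot: The github-actions entry says where Dependabot looks but not how its pull requests are to be handled; that rule exists only in the commit message, which asks maintainers to rewrite a proposed `uses: foo/bar@v2.3.4` to the major ref `uses: foo/bar@v2`. A major ref is a tag the action's owner can move, so under this policy the reviewed Dependabot PR is not the only route by which the action code run by the workflows can change. If that trade-off is accepted, record it next to the entry, e.g. `# Prefer the action's major version ref over the patch version Dependabot proposes.` If it is not, pinning `uses:` to a full commit SHA keeps every change behind a reviewed update PR, and as far as I know Dependabot can keep such pins current as well.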
From: per1234
Date: Wed, 4 Aug 2021 20:31:44 -0700
Subject: [PATCH 2/3] Configure Dependabot for updates to Python dependencies
---
 .github/dependabot.yml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index f2bfa7243..972d6ec59 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -11,3 +11,10 @@ updates:
 interval: daily
 labels:
 - "topic: infrastructure"
+
+ - package-ecosystem: pip
+ directory: /
+ schedule:
+ interval: daily
+ labels:
+ - "topic: infrastructure"
From cd748b7bd3c989600118f64c33827a8bb7148d06 Mon Sep 17 00:00:00 2001
From: per1234
Date: Wed, 4 Aug 2021 20:33:41 -0700
Subject: [PATCH 3/3] Configure Dependabot for updates to Go dependencies
---
 .github/dependabot.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 972d6ec59..bcb71ba56 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -12,6 +12,19 @@ updates:
 labels:
 - "topic: infrastructure"
+ - package-ecosystem: gomod
+ directory: /
+ schedule:
+ interval: daily
+ labels:
+ - "topic: infrastructure"
+ - package-ecosystem: gomod
+ directory: /docsgen/
+ schedule:
+ interval: daily
+ labels:
+ - "topic: infrastructure"
+
+ - package-ecosystem: pip
 directory: /
 schedule:
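Review bot: The pip entry has no comment, while the github-actions entry above it explains what `directory: /` covers, so the file does not say which Python manifest this check is meant to track. A line such as `# Check the Python dependency manifest in the repository root.` above `- package-ecosystem: pip` would match the existing style. The two gomod entries added in PATCH 3/3 lack a comment in the same way; for the `/docsgen/` one, a note on why it needs its own entry would help most.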
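Review bot: The two gomod entries are written back to back, whereas the github-actions, gomod and pip groups are each set off by an empty line. An added empty line before the second `- package-ecosystem: gomod` would give each stanza its own visual block and make a later change to one entry easier to review. If the tight grouping is deliberate, a one-line comment above the first entry saying that both cover Go modules would make that clear.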