Keep GitHub Actions up to date with GitHub's Dependabot

Fixes software supply chain safety warnings by automating pull requests like 367cd96 * [Keeping your actions up to date with Dependabot](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot) * [Configuration options for the dependabot.yml file - package-ecosystem](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem)
readthedocs · Oct 26, 2024 · 2eccbc7 · 2eccbc7
1 parent f5c7295
commit 2eccbc7
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,13 @@
+# Keep GitHub Actions up to date with GitHub's Dependabot...
+# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    groups:
+      github-actions:
+        patterns:
+          - "*"  # Group all Actions updates into a single larger pull request
+    schedule:
+      interval: monthly
diff --git a/docs/changes/484.misc.rst b/docs/changes/484.misc.rst
@@ -0,0 +1 @@
+Keep GitHub Actions up to date with GitHub's Dependabot
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Keep GitHub Actions up to date with GitHub's Dependabot