Template
1
0
mirror of http://gitea.com/actions/checkout synced 2024-11-30 21:22:26 +08:00

Keep GitHub Actions up to date with GitHub's Dependabot

Fixes software supply chain safety warnings like at the bottom right of
https://github.com/actions/checkout/actions/runs/8497255927

* [Keeping your actions up to date with Dependabot](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot)
* [Configuration options for the dependabot.yml file - package-ecosystem](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem)
This commit is contained in:
Christian Clauss 2024-04-01 10:12:47 +02:00 committed by GitHub
parent cd7d8d697e
commit 766bfbad29
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

13
.github/dependabot.yml vendored Normal file
View File

@ -0,0 +1,13 @@
# Keep GitHub Actions up to date with GitHub's Dependabot...
# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem
version: 2
updates:
- package-ecosystem: github-actions
directory: /
groups:
github-actions:
patterns:
- "*" # Group all Actions updates into a single larger pull request
schedule:
interval: weekly