Add Dependabot configuration for GitHub Actions updates · bf62578fec - Gogs

Add Dependabot configuration for GitHub Actions updates

Add a Dependabot configuration that checks once a week if the GitHub Actions are still using the latest version. If not, it opens a PR to update them.

It will actually open few PRs, since only major versions are specified (like v3), so only on a major release (like v4) it will update and open a PR. But it helps actively keep GitHub Actions workflows up to date and secure.

See https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot

Ewout ter Hoeven 2 年之前

父節點

1e99e35572

當前提交

bf62578fec

共有 1 個文件被更改，包括 7 次插入 和 0 次删除

分割檢視顯示文件統計

						
							+ 7
							
							- 0
						
.github/dependabot.yml
							 
								查看文件
							
				@@ -0,0 +1,7 @@
			
				+version: 2
			
				+updates:
			
				+  # Maintain dependencies for GitHub Actions
			
				+  - package-ecosystem: "github-actions"
			
				+    directory: "/"
			
				+    schedule:
			
				+      interval: "weekly"