dependabot.yml

# See: https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#about-the-dependabotyml-file
version: 2

updates:
  # Configure check for outdated GitHub Actions actions in workflows.
  # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/dependabot/README.md
  # See: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-actions-up-to-date-with-dependabot
  - package-ecosystem: github-actions
    directory: / # Check the repository's workflows under /.github/workflows/
    schedule:
      interval: daily
    labels:
      - "topic: infrastructure"
    commit-message:
      prefix: "[skip changelog] "
  - package-ecosystem: gomod
    directory: /
    schedule:
      interval: daily
    open-pull-requests-limit: 10
    labels:
      - "topic: infrastructure"
    commit-message:
      prefix: "[skip changelog] "