Merge pull request #418 from consideRatio/pr/dependabot-config

minrk · web-flow · commit f7ae912f76f6 · 2022-08-19T12:32:32.000+02:00
ci: add dependabot bumping of github actions
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,9 +1,25 @@
-# Please see the documentation for all configuration options:
-# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
+# dependabot.yml reference: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+#
+# Notes:
+# - Status and logs from dependabot are provided at
+#   https://github.com/jupyterhub/configurable-http-proxy/network/updates.
+# - YAML anchors are not supported here or in GitHub Workflows.
+#
 version: 2
 updates:
+  # Maintain dependencies in our GitHub Workflows
+  - package-ecosystem: github-actions
+    directory: "/" # This should be / rather than .github/workflows
+    schedule:
+      interval: weekly
+      time: "05:00"
+      timezone: "Etc/UTC"
+    labels:
+      - ci
+
   - package-ecosystem: "npm"
     directory: "/" # Location of package[-lock].json
     schedule:
       interval: "weekly"
+      time: "05:00"
+      timezone: "Etc/UTC"
