From d4c451512e26738aa4ce19754cf15f1bbe7ff693 Mon Sep 17 00:00:00 2001
From: Erik Sundell <erik@sundellopensource.se>
Date: Fri, 19 Aug 2022 12:28:53 +0200
Subject: [PATCH] ci: add dependabot bumping of github actions

---
 .github/dependabot.yml | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 0380fe41..30072f5c 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,9 +1,25 @@
-# Please see the documentation for all configuration options:
-# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
+# dependabot.yml reference: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+#
+# Notes:
+# - Status and logs from dependabot are provided at
+#   https://github.com/jupyterhub/configurable-http-proxy/network/updates.
+# - YAML anchors are not supported here or in GitHub Workflows.
+#
 version: 2
 updates:
+  # Maintain dependencies in our GitHub Workflows
+  - package-ecosystem: github-actions
+    directory: "/" # This should be / rather than .github/workflows
+    schedule:
+      interval: weekly
+      time: "05:00"
+      timezone: "Etc/UTC"
+    labels:
+      - ci
+
   - package-ecosystem: "npm"
     directory: "/" # Location of package[-lock].json
     schedule:
       interval: "weekly"
+      time: "05:00"
+      timezone: "Etc/UTC"