forked from solo-io/gloo
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdependabot.yml
21 lines (21 loc) · 920 Bytes
/
dependabot.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# We intentionally scope our dependabot.yml to _only_ GitHub actions
# This will allow us to bump versions of internal tools used in our pipeline more easily.
# We do not however, want to automatically bump customer-facing dependencies.
version: 2
updates:
# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
- package-ecosystem: "github-actions"
directory: "/"
schedule:
# Check for updates to GitHub Actions every week
interval: "weekly"
groups:
# Group all updates into a single PR, rather than 1 PR / dependency
"github-actions":
patterns:
- "*"
ignore:
# For setup-protoc, ignore all updates
# When we attempted to upgrade arduino/setup-protoc to v3, we encountered:
# "Error: Error: unable to get latest version"
- dependency-name: "arduino/setup-protoc"