github: Add dependency checker action

Add an action, dependabot, that will periodically check GitHub Actions dependencies. It is currently configured to run weekly. If dependabot finds an update, it will open a pull request. See here for more details: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot Signed-off-by: Tom Hromatka <[email protected]> [PM: added a trailing space to the "RFE:" prefix] Signed-off-by: Paul Moore <[email protected]>
seccomp · Feb 6, 2023 · 791a252 · 791a252
1 parent bfbc977
commit 791a252
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,23 @@
+#
+# Dependabot Workflow for libseccomp
+#
+# Copyright (c) 2023 Oracle and/or its affiliates.
+# Author: Tom Hromatka <[email protected]>
+#
+
+# based on this guide from GitHub:
+# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
+
+version: 2
+updates:
+
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ # Check for updates to GitHub Actions every week
+ interval: "weekly"
+ commit-message:
+ prefix: "RFE: "
+ labels:
+ - "enhancement"
+ - "priority/low"