Dependabot was turned off for this repo, and the existing PRs were for a workflow that no longer exists. This config creates groups to ensure we can update each workflow independently, with their dependencies grouped as a single PR for each directory. There are a number of outdated workflows, so I expect there to be a few PRs raised when we merge.
Changes proposed in this pull request
dependabot.yml config to organise and turn on dependabot for github actions.
Guidance to review
I left out the "reviewers" for this because I don't know who owns what. It might be worth us creating a CODEOWNERS file for this repo so the right people can be involved when PRs are raised against actions their team built.
After merging
We should watch out for the PRs and review/merge them when they are raised.
Checklist
[X] I have performed a self-review of my code, including formatting and typos
Context
Dependabot was turned off for this repo, and the existing PRs were for a workflow that no longer exists. This config creates groups to ensure we can update each workflow independently, with their dependencies grouped as a single PR for each directory. There are a number of outdated workflows, so I expect there to be a few PRs raised when we merge.
Changes proposed in this pull request
dependabot.yml config to organise and turn on dependabot for github actions.
Guidance to review
I left out the "reviewers" for this because I don't know who owns what. It might be worth us creating a CODEOWNERS file for this repo so the right people can be involved when PRs are raised against actions their team built.
After merging
We should watch out for the PRs and review/merge them when they are raised.
Checklist
Devops
label