Adding this file to the repository would simplify the update process of actions used in the CI.
You might need to additionally enable dependabot for this repository to actually make this work. You should be able to find that setting on the "Insights" tab in the "Dependency graph" section.
If it works, the bot will automatically create PRs for CI actions that are out of date (similar to #758 but automated). You can still decide to not merge those PRs. So everything will still be in your hands.
Potential caveat: This file might need to exist on the default branch of this repository (i.e., dev) to actually have an effect.
This is essentially the exact file that GitHub proposes here: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot#example-dependabotyml-file-for-github-actions
Adding this file to the repository would simplify the update process of actions used in the CI.
You might need to additionally enable dependabot for this repository to actually make this work. You should be able to find that setting on the "Insights" tab in the "Dependency graph" section.
If it works, the bot will automatically create PRs for CI actions that are out of date (similar to #758 but automated). You can still decide to not merge those PRs. So everything will still be in your hands.
Potential caveat: This file might need to exist on the default branch of this repository (i.e.,
dev) to actually have an effect.