Add Dependabot configuration for Docker and GitHub Actions

[guibranco]

User description

Closes #

📑 Description

✅ Checks

• [ ] My pull request adheres to the code style of this project
• [ ] My code requires changes to the documentation
• [ ] I have updated the documentation as required
• [ ] All the tests have passed

☢️ Does this introduce a breaking change?

• [ ] Yes
• [ ] No

ℹ Additional Information

---

Description

• Introduced a new .github/dependabot.yml file to automate dependency updates.
• Configured Dependabot to check for updates weekly for both Docker and GitHub Actions.
• Assigned guibranco as the assignee and reviewer for the pull requests created by Dependabot.

---

Changes walkthrough 📝

	Relevant files
Configuration changes	dependabot.yml Add Dependabot configuration for dependency management      .github/dependabot.yml Added configuration for Dependabot to manage dependencies. Set up weekly updates for Docker and GitHub Actions. Specified assignees, reviewers, and labels for pull requests. +28/-0

---

💡 Penify usage: Comment /help on the PR to get a list of all available Penify tools and their descriptions

[penify-dev[bot]]

PR Review 🔍

⏱️ Estimated effort to review [1-5]	1, because the changes are straightforward and involve adding a configuration file with a clear structure.
🧪 Relevant tests	No
⚡ Possible issues	No
🔒 Security concerns	No

[penify-dev[bot]]

PR Code Suggestions ✨

Category	Suggestion	Score
Maintainability	Consolidate repeated entries for better maintainability ___ **Consider using a single entry for assignees, reviewers, and labels to avoid redundancy and improve maintainability.** [.github/dependabot.yml [9-14]](https://github.com/guibranco/gstraccini-bot-api/pull/10/files#diff-dd4fbda47e51f1e35defb9275a9cd9c212ecde0b870cba89ddaaae65c5f3cd28R9-R14) ```diff -assignees: - - "guibranco" -reviewers: - - "guibranco" -labels: - - "docker" - - "dependencies" +assignees: ["guibranco"] +reviewers: ["guibranco"] +labels: ["docker", "dependencies"] ``` Suggestion importance[1-10]: 8 Why: This suggestion addresses redundancy in the configuration, which can improve maintainability and readability.	8
Possible issue	Evaluate if configurations can be merged to reduce duplication ___ **Review the necessity of having separate configurations for docker and github-actions if they share similar settings.** [.github/dependabot.yml [4]](https://github.com/guibranco/gstraccini-bot-api/pull/10/files#diff-dd4fbda47e51f1e35defb9275a9cd9c212ecde0b870cba89ddaaae65c5f3cd28R4-R4) ```diff -package-ecosystem: "docker" +# Consider merging configurations if possible ``` Suggestion importance[1-10]: 6 Why: This suggestion encourages evaluating potential duplication, which can lead to cleaner configurations, though it may not be an immediate issue.	6
Best practice	Adjust the limit of open pull requests to better fit team capacity ___ **Ensure that the open-pull-requests-limit is set according to your team's workflow to avoid overwhelming reviewers.** [.github/dependabot.yml [8]](https://github.com/guibranco/gstraccini-bot-api/pull/10/files#diff-dd4fbda47e51f1e35defb9275a9cd9c212ecde0b870cba89ddaaae65c5f3cd28R8-R8) ```diff -open-pull-requests-limit: 50 +open-pull-requests-limit: 10 # Adjust based on team capacity ``` Suggestion importance[1-10]: 5 Why: While adjusting the limit can be beneficial, the current value is not inherently problematic without context on team capacity.	5
Enhancement	Add a commit message to clarify the purpose of dependency updates ___ **Consider specifying a `commit-message` for better clarity on the purpose of the updates.** [.github/dependabot.yml [6]](https://github.com/guibranco/gstraccini-bot-api/pull/10/files#diff-dd4fbda47e51f1e35defb9275a9cd9c212ecde0b870cba89ddaaae65c5f3cd28R6-R6) ```diff schedule: interval: weekly + commit-message: "Update dependencies" ``` Suggestion importance[1-10]: 4 Why: Adding a commit message can enhance clarity, but it is not critical for functionality or maintainability.	4