Add dependabot.yml - Githubissues

nginx / unit

NGINX Unit - universal web app server - a lightweight and versatile open source server that simplifies the application stack by natively executing application code across eight different programming language runtimes.

https://unit.nginx.org

Apache License 2.0

5.25k stars 322 forks source link

Add dependabot.yml #1174

Closed arbourd closed 3 months ago

arbourd commented 3 months ago

We already use dependabot for security related patches, by default.

This change adds a dependabot.yml configuration file that explicitly enables the service to manage versions of Actions in GitHub Actions. This ensures that Actions like setup-go are updated timely.

This change does not affect how Dependabot manages versions for Go, Rust, etc. The file can be used to configure that for additional package managers and languages in the future, if desired.

ac000 commented 3 months ago

EDIT: Use the right url...

So how does this actually look like?

This?

As long as it won't be doing something funky like automatically committing changes to the repository...

arbourd commented 3 months ago

It wouldn't update the repository directly @ac000, but it will open a PR. It would look something like this: https://github.com/arbourd/concourse-slack-alert-resource/pull/115