From 6e67d80b4d492721e60b361de460ac1fd2a0f6be Mon Sep 17 00:00:00 2001 From: Michael Kubacki Date: Mon, 14 Nov 2022 22:42:31 -0500 Subject: [PATCH] .github/dependabot.yml: Enable dependabot (#169) ## Description Enables dependabot in this repo. This GitHub action will automatically create pull requests and summarize the dependency details. Because it is a pull request, the CI system will validate the dependency update in the pull request. Configures dependabot for: 1. PIP module updates 2. Submodule updates 3. GitHub action updates - [ ] Breaking change? - Will this change break pre-existing builds or functionality without action being taken? **No** ## How This Was Tested Verified config in other repos. ## Integration Instructions N/A - Impacts this repo Signed-off-by: Michael Kubacki Signed-off-by: Michael Kubacki --- .github/dependabot.yml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..fafcc343eb --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,34 @@ +## @file +# Dependabot configuration file to enable GitHub services for managing and updating +# dependencies. +# +# Copyright (c) Microsoft Corporation. All rights reserved. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates +## + +version: 2 +updates: + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "daily" + commit-message: + prefix: "pip" + + - package-ecosystem: "gitsubmodule" + directory: "/" + schedule: + interval: "daily" + commit-message: + prefix: "submodule" + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + commit-message: + prefix: "GitHub Action"