Enable dependabot

kolyshkin · kolyshkin · commit 7ca54562996a · 2021-06-01T17:40:35.000-07:00
This should enable a bot that auto-creates PRs to update dependencies. For more info, see https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically Once enabled, dependabot work should be seen at https://github.com/opencontainers/runc/network/updates (as well as new PRs). Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,25 @@
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  # Dependencies listed in go.mod
+  - package-ecosystem: "gomod"
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "daily"
+    ignore:
+      # a regression in v1.22.2, see https://github.com/urfave/cli/issues/1092
+      - dependency-name: "github.com/urfave/cli"
+
+  # Dependencies listed in .github/workflows/*.yml
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+
+  # Dependencies listed in Dockerfile
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
