Add/enable Dependabot to keep dependencies up-to-date

Enabled update checking via Dependabot for
* GitHub Actions for updates or in case you are going to use that (just my default)
* PHP aka Composer

We successfully use it [for our Docker container](https://github.com/PrivateBin/docker-nginx-fpm-alpine/blob/master/.github/dependabot.yml) and IMHO that has worked quite well, so IMHO, we can also use it here now.
This commit is contained in:
rugk 2022-06-09 23:42:03 +02:00 committed by GitHub
parent 0ebac188a8
commit 3c8c32fbcb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

14
.github/dependabot.yml vendored Normal file
View file

@ -0,0 +1,14 @@
version: 2
updates:
# Maintain dependencies for GitHub Actions
# src: https://github.com/marketplace/actions/build-and-push-docker-images#keep-up-to-date-with-github-dependabot
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
# Also keep PHP (Composer) dependencies up-to-date
# see: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem
- package-ecosystem: "composer"
directory: "/"
schedule:
interval: "daily"