adding GH dependabot

Borda · Borda · commit 8bbb3e776e43 · 2023-02-02T11:08:04.000+01:00
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,40 @@
+# Basic dependabot.yml file with minimum configuration for two package managers
+
+version: 2
+updates:
+  # Enable version updates for python
+  - package-ecosystem: "pip"
+    # Look for a `requirements` in the `root` directory
+    directory: "..github/scripts/"
+    # Check for updates once a week
+    schedule:
+      interval: "monthly"
+    # Labels on pull requests for version updates only
+    labels:
+      - "ci"
+    pull-request-branch-name:
+      # Separate sections of the branch name with a hyphen
+      # for example, `dependabot-npm_and_yarn-next_js-acorn-6.4.1`
+      separator: "-"
+    # Allow up to 5 open pull requests for pip dependencies
+    open-pull-requests-limit: 5
+    reviewers:
+      - "dbieber"
+
+  # Enable version updates for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    # Check for updates once a week
+    schedule:
+      interval: "monthly"
+    # Labels on pull requests for version updates only
+    labels:
+      - "ci"
+    pull-request-branch-name:
+      # Separate sections of the branch name with a hyphen
+      # for example, `dependabot-npm_and_yarn-next_js-acorn-6.4.1`
+      separator: "-"
+    # Allow up to 5 open pull requests for GitHub Actions
+    open-pull-requests-limit: 5
+    reviewers:
+      - "dbieber"
