Dependabot configuration to update actions in workflows

[ScottBrenner]

Noticed the actions used in the workflows here are outdated, proposing a Dependabot configuration to update - reference https://docs.github.com/en/actions/security-guides/using-githubs-security-features-to-secure-your-use-of-github-actions#keeping-the-actions-in-your-workflows-secure-and-up-to-date

Suggest enabling https://docs.github.com/en/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners#enabling-or-disabling-for-your-repository as well

[coderabbitai]

Walkthrough

Introduces .github/dependabot.yml configuration file to enable automatic dependency updates for GitHub Actions. The configuration targets the GitHub Actions ecosystem, monitors the repository root, and schedules update checks on a weekly basis.

Changes

Cohort / File(s)	Change Summary
Dependabot configuration \.github/dependabot.yml	New file introducing Dependabot settings for automated GitHub Actions updates with weekly scheduling

Pre-merge checks

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: introducing Dependabot configuration specifically for updating GitHub Actions in workflows.
Description check	✅ Passed	The description is directly related to the changeset, explaining the motivation for adding Dependabot configuration and referencing relevant GitHub documentation.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 5d80946 and ab1ae5c.

📒 Files selected for processing (1)

• .github/dependabot.yml (1 hunks)

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Well-configured Dependabot setup for GitHub Actions.

The configuration is correctly formatted and successfully enables automatic dependency updates for GitHub Actions. The weekly schedule is a sensible default for most projects.

For future iterations, consider adding optional fields (e.g., assignees, reviewers, pull-request-branch-name) to better align the auto-generated pull requests with your project's review and assignment workflows.

🤖 Prompt for AI Agents

.github/dependabot.yml lines 1-9: add optional Dependabot fields to the existing
github-actions update entry to auto-assign and route PRs into your review
workflow—specifically add an assignees list, a reviewers list (or team), and a
pull-request-branch-name pattern under the github-actions package-ecosystem
block so Dependabot-created PRs are assigned to the right people/teams and use a
predictable branch name; keep the weekly schedule and ensure names match your
repo's users/teams.