From 88975916a42530b6071b93dd9335c37d4781b096 Mon Sep 17 00:00:00 2001
From: Christophe Fergeau <cfergeau@redhat.com>
Date: Wed, 8 Nov 2023 12:51:02 +0100
Subject: [PATCH] github: Allow dependabot to file PRs

It will automatically open PRs to update go.mod, tools/go.mod and
.github/workflows when there are version changes.

github.com/openshift/* and k8s.io/* are ignored as these updates can be
tricky, and we want to stick to the versions corresponding to the
openshift bundle we are releasing crc with.

Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
---
 .github/dependabot.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000000..3e5ea4e937
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,19 @@
+version: 2
+updates:
+- package-ecosystem: gomod
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  ignore:
+    - dependency-name: "github.com/openshift/*"
+    - dependency-name: "k8s.io/*"
+- package-ecosystem: gomod
+  directory: "/tools"
+  schedule:
+    interval: weekly
+  open-pull-requests-limit: 10
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: "weekly"