feat(ci): introduce an automatic dependency managament based on depen…

…dabot Right now we are getting PR from dependabot for security vulnerabilities only. This configuration will enable dependabot to open PRs for direct and indirect upgrade of golang packages. It's also enabling github-actions version managment.
immobiliare · Jan 5, 2024 · ae4d919 · ae4d919
1 parent dd2a0a0
commit ae4d919
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,14 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    allow:
+      - dependency-type: "direct"
+      - dependency-type: "indirect"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"