feat: dependabot workflow automation for updating dependency (peak#530)

Manual control of dependency is fine but with a growing no. of distributed upstream dependencies, it is hard to manage. So, for that automation should be there to update dependencies. Further, CI Pipeline is there to test those changes. The current build is having many old dependencies due to that many vulnerabilities were found. i.e. why workflow automation will help here. Further, this will not update the dependencies automatically, instead, a PR will be opened with changes that can be reviewed and tested with CI. Signed-off-by: Pratik Raj [email protected]
vijaypabothu · Jul 31, 2023 · 987b4ae · 987b4ae
1 parent f758adf
commit 987b4ae
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,13 @@
+version: 2
+updates:
+  # Dependencies listed in go.mod
+  - package-ecosystem: "gomod"
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
+
+  # Dependencies listed in .github/workflows/*.yml
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"