From 12991b4d6c74c7431fef3ddbb83b6b8111d880f3 Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Thu, 20 Aug 2020 17:31:36 +0200 Subject: [PATCH] Add note about dependabot --- README.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/README.md b/README.md index a3f0712..0c7c71b 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,7 @@ ___ * [AWS Elastic Container Registry (ECR)](#gitlab) * [Customizing](#customizing) * [inputs](#inputs) +* [Keep up-to-date with GitHub Dependabot](#keep-up-to-date-with-github-dependabot) * [Limitation](#limitation) * [How can I help?](#how-can-i-help) * [License](#license) @@ -176,6 +177,22 @@ Following inputs can be used as `step.with` keys | `password` | String | | Password or personal access token used to log against the Docker registry | | `logout` | Bool | `true` | Log out from the Docker registry at the end of a job | +## Keep up-to-date with GitHub Dependabot + +Since [Dependabot](https://docs.github.com/en/github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot) +has [native GitHub Actions support](https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#package-ecosystem), +to enable it on your GitHub repo all you need to do is add the `.github/dependabot.yml` file: + +```yaml +version: 2 +updates: + # Maintain dependencies for GitHub Actions + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" +``` + ## Limitation This action is only available for Linux [virtual environments](https://help.github.com/en/articles/virtual-environments-for-github-actions#supported-virtual-environments-and-hardware-resources).