Merge rust-bitcoin/rust-bitcoin#2052: CI: Add `dependabot.yml`

milksad

36a294b018 CI: Add `dependabot.yml` (Einherjar)

Pull request description:

  Fixes #2051.

  This does not touch Rust code or Cargo workflows.
  It creates a dependabot update only restricted to `"github-actions"`.

  We are using outdated `actions/checkout`, `actions/cache` (`v2` in some and `v3` in others were the must up-to-date is `v4`).

  For the `dtolnay/rust-toolchain@1.48.0` in
  f8d7bcfce2/.github/workflows/rust.yml (L77)
  it would not touch it only if there is a `1.48.X` increase in `X`.

  For the `actions-rs/toolchain@v1` in f8d7bcfce2/.github/workflows/fuzz.yml (L50) it will only update if we have `actions-rs/toolchain@vX` increase in `X`.

  **And to stress that again, it will ⚠️ create PRs and we would need to approve them ⚠️ (they would be subject to the same merge policy) to instantiate the proposed dependabots into `master`.**

ACKs for top commit:
  tcharding:
    ACK 36a294b018
  apoelstra:
    ACK 36a294b018

Tree-SHA512: 84860c8ee37d3e50f4e0c3118ac5edbfa4bd9046a553c353ae553e44051b2b8d2b0575e761d73c26964d51dda5ba03534204037cb5eca6edd6d2a3b7005c522c

This commit is contained in:

Andrew Poelstra

2023-09-08 20:12:08 +00:00

parent f8d7bcfce2 36a294b018

commit b2b562d44b

No known key found for this signature in database

GPG Key ID: C588D63CE41B97C1

1 changed files with 8 additions and 0 deletions

									
										8

.github/dependabot.ymlvendoredNormal file

										View File
									
				@ -0,0 +1,8 @@

				# Set update schedule for GitHub Actions

				version: 2

				updates:

				  - package-ecosystem: "github-actions"

				    directory: "/"

				    schedule:

				      # Check for updates to GitHub Actions every week

				      interval: "weekly"

Merge rust-bitcoin/rust-bitcoin#2052: CI: Add `dependabot.yml`

8 .github/dependabot.yml vendored Normal file Unescape Escape View File

8

.github/dependabot.yml vendored Normal file

View File