Enable Depbot doing a weekly scan of github actions

Danger of enabling SHA pinning for actions is that they're not particualrly readable and so we could strand versions and not get legitimate updates. DepBot now supports updates for pinned actions where there is the version number in a comment afterwards (as the tool linked in previous commits provides automatically). So let's enable DepBot scans, initially set at weekly. See: dependabot/dependabot-core#5951 https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot https://github.blog/changelog/2022-10-31-dependabot-now-updates-comments-in-github-actions-workflows-referencing-action-versions/
govuk-one-login · Feb 8, 2024 · b0e257a · b0e257a
1 parent b12b32d
commit b0e257a
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -6,3 +6,8 @@ updates:
       interval: "daily"
     commit-message:
       prefix: "BAU"
+  - package-ecosystem: "github-actions"
+    directory: "/.github/"
+    schedule:
+      # Check for updates to GitHub Actions every week
+      interval: "weekly"