MNT: enable auto-updates for GHA with dependabot ?

[neutrinoceros]

We usually only upgrade GitHub Actions in our workflows manually, sometimes in response to deprecation warnings (#4076, #4290), or just as a routine housekeeping task (#3923, #4076, #4151).
In any case, it's a bit annoying to have to do this manually, and it can be avoided using dependabot, which has been integrated into GitHub itself.

I'd like to propose we enable it.

I've tested it on my personal projects, and all it takes is a small configuration file (.github/dependabot.yml)

version: 2
updates:
- package-ecosystem: github-actions
  directory: /.github/workflows
  schedule:
    interval: monthly

Any thoughts ?

[matthewturk]

I think we should. GitHub Actions are some of the ones I have the hardest time keeping track of!

…

On Mon, Feb 13, 2023 at 9:31 AM Clément Robert ***@***.***> wrote: We usually only upgrade GitHub Actions in our workflow manually, sometimes in response to deprecation warnings (#4076 <#4076>, #4290 <#4290>), or just as a routine housekeeping task (#3923 <#3923>, #4076 <#4076>, #4151 <#4151>). In any case, it's a bit annoying to have to do this manually, and it can be avoided using dependabot <https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot>, which has bee integrated into GitHub itself. I'd like to propose we enable it. I've tested it on my personal projects, and all it takes is a small configuration file (.github/dependabot.yml) version: 2updates: - package-ecosystem: github-actions directory: /.github/workflows schedule: interval: monthly Any thoughts ? — Reply to this email directly, view it on GitHub <#4333>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAVXO5UXPFKBNM3SUBZU3DWXJASTANCNFSM6AAAAAAU2KZBJM> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>