update dependabot.yml #95
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # The name used in the GitHub UI for the workflow | |
| name: "update dependabot.yml" | |
| # When to run this action: | |
| # - Scheduled to run at 5 AM every Monday. | |
| # - Manually runnable from the GitHub UI with a reason | |
| on: | |
| schedule: | |
| - cron: "0 5 * * 1" # 5 AM every Monday. | |
| workflow_dispatch: | |
| inputs: | |
| reason: | |
| description: "The reason for running the workflow" | |
| required: true | |
| default: "Manual run" | |
| # Run on the latest version of Ubuntu | |
| permissions: | |
| contents: read | |
| jobs: | |
| dependabot-bot: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| # Checkout the repo into the workspace within the VM | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| # - name: Setup .NET | |
| # uses: actions/setup-dotnet@4d4a70f4a5b2a5a5329f13be4ac933f2c9206ac0 | |
| # with: | |
| # dotnet-version: 7.0.x | |
| # dotnet-quality: 'preview' | |
| # If triggered manually, print the reason why | |
| - name: "Print manual run reason" | |
| if: ${{ github.event_name == 'workflow_dispatch' }} | |
| run: | | |
| echo "Reason: ${{ github.event.inputs.reason }}" | |
| # Run the .NET dependabot-bot tool | |
| - name: dependabot-bot | |
| id: dependabot-bot | |
| uses: dotnet/docs-tools/actions/dependabot-bot@5e8bcc78465d45a7544bba56509a1a69922b6a5a # main | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| root-directory: "/github/workspace" | |
| dependabot-yml-path: ".github/dependabot.yml" | |
| - name: Create pull request | |
| if: github.event_name == 'workflow_dispatch' || github.repository_owner == 'dotnet' | |
| uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c | |
| with: | |
| branch: create-dependabotconfig-pull-request/patch | |
| title: "Update dependabot.yml - automatically." | |
| body: ".NET dependabot-bot automated PR. 🤖" | |
| commit-message: ".NET dependabot-bot automated PR." |