From 6adce73025d98c93ebf2a248c8baef4e6fe93a29 Mon Sep 17 00:00:00 2001
From: Hans Keeler
Date: Thu, 2 May 2024 17:40:49 -0700
Subject: [PATCH] Add `dependabot.yml` for version update config (#145)
This PR adds the [`dependabot.yml`](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file) config file, which defines which package types dependabot should look for update for, and on what schedule. We noticed that when we added CodeQL and dependabot at the same time that it threw some errors. Seems like we need to merge CodeQL first (#144), _then_ this PR.
---
.github/dependabot.yml | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..d9a00ae
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,15 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ - package-ecosystem: "pip"
+ directory: "/"
+ schedule:
+ interval: "daily"
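Review bot: Both `updates` entries poll `daily` with no delay between a release being published and Dependabot proposing it, so a freshly published release that later turns out to be compromised or yanked is offered in a PR straight away. Consider adding a `cooldown` block to each entry (for example `cooldown:` with `default-days: 7`, a constructed value); it holds back version updates but not security updates, and support should be confirmed for both ecosystems before relying on it. Separately, `directory: "/"` on the `pip` entry only covers manifests in the repository root, so requirements files in subdirectories, if this repository has any, would need their own entry. The template comment at the top of the file could be replaced with one that states what is covered, e.g. `# Daily version updates for GitHub Actions workflows and root-level pip manifests.`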