From 9080b95cc81101381fc95fd5b7724c670c9d1b88 Mon Sep 17 00:00:00 2001
From: David Lord
Date: Sat, 6 Apr 2024 16:22:40 -0700
Subject: [PATCH] use dependabot grouped updates ignore upload/download-artifact until slsa updates
---
 .github/dependabot.yml | 29 ++++++++++++++++++++++-------
 1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 90f94bc3..fa94b770 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,9 +1,24 @@
 version: 2
 updates:
-- package-ecosystem: "github-actions"
- directory: "/"
- schedule:
- interval: "monthly"
- day: "monday"
- time: "16:00"
- timezone: "UTC"
+ - package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: monthly
+ ignore:
+ # slsa depends on upload/download v3
+ - dependency-name: actions/upload-artifact
+ versions: '>= 4'
+ - dependency-name: actions/download-artifact
+ versions: '>= 4'
+ groups:
+ github-actions:
+ patterns:
+ - '*'
+ - package-ecosystem: pip
+ directory: /requirements/
+ schedule:
+ interval: monthly
+ groups:
+ python-requirements:
+ patterns:
+ - '*'
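Review bot: The two `ignore` entries under `github-actions` hold `actions/upload-artifact` and `actions/download-artifact` below v4 with no removal condition, so version updates will never propose a release from v4 onward, including any fix that ships only there, until someone deletes the rule by hand. The comment gives the reason but not the exit; I would extend it to `# slsa depends on upload/download v3; drop these entries once slsa supports v4 (tracking: <ISSUE-URL placeholder>)`. Separately, each `'*'` group folds every bump for its ecosystem into one monthly pull request, so a single grouped PR can change many workflow actions or requirements at once and each bundled bump still needs to be read individually at review.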