use dependabot grouped updates

ignore upload/download-artifact until slsa updates
This commit is contained in:
David Lord 2024-04-06 16:22:40 -07:00
parent a694f3bf7a
commit 9080b95cc8
No known key found for this signature in database
GPG key ID: 7A1C87E3F5BC42A8

View file

@ -1,9 +1,24 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "monthly"
day: "monday"
time: "16:00"
timezone: "UTC"
- package-ecosystem: github-actions
directory: /
schedule:
interval: monthly
ignore:
# slsa depends on upload/download v3
- dependency-name: actions/upload-artifact
versions: '>= 4'
- dependency-name: actions/download-artifact
versions: '>= 4'
groups:
github-actions:
patterns:
- '*'
- package-ecosystem: pip
directory: /requirements/
schedule:
interval: monthly
groups:
python-requirements:
patterns:
- '*'