use dependabot grouped updates
ignore upload/download-artifact until slsa updates
This commit is contained in:
parent
a694f3bf7a
commit
9080b95cc8
1 changed files with 22 additions and 7 deletions
29
.github/dependabot.yml
vendored
29
.github/dependabot.yml
vendored
|
|
@ -1,9 +1,24 @@
|
|||
version: 2
|
||||
updates:
|
||||
- package-ecosystem: "github-actions"
|
||||
directory: "/"
|
||||
schedule:
|
||||
interval: "monthly"
|
||||
day: "monday"
|
||||
time: "16:00"
|
||||
timezone: "UTC"
|
||||
- package-ecosystem: github-actions
|
||||
directory: /
|
||||
schedule:
|
||||
interval: monthly
|
||||
ignore:
|
||||
# slsa depends on upload/download v3
|
||||
- dependency-name: actions/upload-artifact
|
||||
versions: '>= 4'
|
||||
- dependency-name: actions/download-artifact
|
||||
versions: '>= 4'
|
||||
groups:
|
||||
github-actions:
|
||||
patterns:
|
||||
- '*'
|
||||
- package-ecosystem: pip
|
||||
directory: /requirements/
|
||||
schedule:
|
||||
interval: monthly
|
||||
groups:
|
||||
python-requirements:
|
||||
patterns:
|
||||
- '*'
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue