use dependabot grouped updates

ignore upload/download-artifact until slsa updates
This commit is contained in:
David Lord 2024-04-06 16:22:40 -07:00
parent a694f3bf7a
commit 9080b95cc8
No known key found for this signature in database
GPG key ID: 7A1C87E3F5BC42A8

View file

@ -1,9 +1,24 @@
version: 2 version: 2
updates: updates:
- package-ecosystem: "github-actions" - package-ecosystem: github-actions
directory: "/" directory: /
schedule: schedule:
interval: "monthly" interval: monthly
day: "monday" ignore:
time: "16:00" # slsa depends on upload/download v3
timezone: "UTC" - dependency-name: actions/upload-artifact
versions: '>= 4'
- dependency-name: actions/download-artifact
versions: '>= 4'
groups:
github-actions:
patterns:
- '*'
- package-ecosystem: pip
directory: /requirements/
schedule:
interval: monthly
groups:
python-requirements:
patterns:
- '*'