build: upgrade to GitHub-native Dependabot (#2665)

* Upgrade to GitHub-native Dependabot

* ci: add dependabot-auto-merge action

* ci: update job name

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Matan Kushner <hello@matchai.dev>
This commit is contained in:
dependabot-preview[bot] 2021-04-29 18:14:11 -04:00 committed by GitHub
parent 540c2c2475
commit abe830ffe7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 37 additions and 2 deletions

23
.github/dependabot.yml vendored Normal file
View File

@ -0,0 +1,23 @@
version: 2
updates:
- package-ecosystem: cargo
directory: "/"
schedule:
interval: daily
open-pull-requests-limit: 10
labels:
- "\U0001F4E6 dependencies"
- package-ecosystem: npm
directory: "/docs"
schedule:
interval: weekly
open-pull-requests-limit: 10
labels:
- "\U0001F4E6 dependencies"
- package-ecosystem: github-actions
directory: "/"
schedule:
interval: daily
open-pull-requests-limit: 10
labels:
- "\U0001F4E6 dependencies"

14
.github/workflows/auto-merge.yml vendored Normal file
View File

@ -0,0 +1,14 @@
name: Dependabot
on: [pull_request]
jobs:
auto_merge:
name: Auto-merge Dependabot PRs
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: ahmadnassri/action-dependabot-auto-merge@v2
with:
target: minor
github-token: ${{ secrets.DEPENDABOT_GITHUB_API_TOKEN }}

View File

@ -1,4 +1,3 @@
---
name: Security audit
on:
pull_request:

View File

@ -1,4 +1,3 @@
---
name: Main workflow
on:
push: