Skip to content

update dependabot.yml #113

update dependabot.yml

update dependabot.yml #113

# The name used in the GitHub UI for the workflow
name: "update dependabot.yml"
# When to run this action:
# - Scheduled to run at 5 AM every Monday.
# - Manually runnable from the GitHub UI with a reason
on:
schedule:
- cron: "0 5 * * 1" # 5 AM every Monday.
workflow_dispatch:
inputs:
reason:
description: "The reason for running the workflow"
required: true
default: "Manual run"
# Run on the latest version of Ubuntu
permissions:
contents: read
jobs:
dependabot-bot:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
# Checkout the repo into the workspace within the VM
steps:
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
# - name: Setup .NET
# uses: actions/setup-dotnet@4d4a70f4a5b2a5a5329f13be4ac933f2c9206ac0
# with:
# dotnet-version: 7.0.x
# dotnet-quality: 'preview'
# If triggered manually, print the reason why
- name: "Print manual run reason"
if: ${{ github.event_name == 'workflow_dispatch' }}
run: |
echo "Reason: ${{ github.event.inputs.reason }}"
# Run the .NET dependabot-bot tool
- name: dependabot-bot
id: dependabot-bot
uses: dotnet/docs-tools/actions/dependabot-bot@5e8bcc78465d45a7544bba56509a1a69922b6a5a # main
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
root-directory: "/github/workspace"
dependabot-yml-path: ".github/dependabot.yml"
- name: Create pull request
if: github.event_name == 'workflow_dispatch' || github.repository_owner == 'dotnet'
uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
with:
branch: create-dependabotconfig-pull-request/patch
title: "Update dependabot.yml - automatically."
body: ".NET dependabot-bot automated PR. 🤖"
commit-message: ".NET dependabot-bot automated PR."