Enable Dependabot

[scruplelesswizard]

Description

Enables automatic Dependabot dependency update PRs for the following package ecosystems:

• Docker
• Git Submodules
• Github Actions

Dependabot will create pull requests when there is a release of the upstream dependency.

Actions Secrets vs. Dependabot Secrets

Dependabot uses a unique set of secrets and does not have access to Organization or Repository Actions secrets. This may cause pipelines to fail without the Actions secrets available.

To resolve this, Organization or Repsitory Dependabot secrets can be set.

As a workaround, authorized contributors can push an empty commit to a branch that Dependabot creates; Github Actions will then run workflows in the Actions secrets context.

[scruplelesswizard]

@fifieldt thanks for triggering CI. I'll get the linting sorted shortly

[fifieldt]

@scruplelesswizard

"""
Your .github/dependabot.yml contained invalid details

Dependabot encountered the following error when parsing your .github/dependabot.yml:

The property '#/updates/0/schedule/time' of type integer did not match the following type: string
The property '#/updates/1/schedule/time' of type integer did not match the following type: string
The property '#/updates/2/schedule/time' of type integer did not match the following type: string
The property '#/updates/3/schedule/time' of type integer did not match the following type: string

Please update the config file to conform with Dependabot's specification.
"""

[fifieldt]

#4795

[scruplelesswizard]

Thanks @fifieldt, thanks for sorting the fight between Dependabot's and Trunk Check's syntax