Created
October 23, 2024 18:42
-
-
Save tsibley/93d766244159d8542bc604b1cd67289c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -euo pipefail | |
| REPO="$(basename $PWD)" | |
| mkdir -p .github | |
| cat > .github/dependabot.yml <<~~ | |
| # Dependabot configuration file | |
| # <https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file> | |
| # | |
| # Each ecosystem is checked on a scheduled interval defined below. To trigger | |
| # a check manually, go to | |
| # | |
| # https://github.com/nextstrain/${REPO}/network/updates | |
| # | |
| # and look for a "Check for updates" button. You may need to click around a | |
| # bit first. | |
| --- | |
| version: 2 | |
| updates: | |
| - package-ecosystem: "github-actions" | |
| directory: "/" | |
| schedule: | |
| interval: "weekly" | |
| ~~ | |
| if [[ $(git status --porcelain .github/dependabot.yml) =~ ^\ M ]]; then | |
| echo "$PWD/.github/dependabot.yml already existed and we've modified it! Please merge the changes and commit." >&2 | |
| exit 1 | |
| fi | |
| git add .github/dependabot.yml | |
| git commit -m 'Automatically check for new GitHub actions versions | |
| Configure Dependabot to do this for us,¹ as discussed in Slack.² | |
| Co-authored-by: Victor Lin <[email protected]> | |
| ¹ <https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot> | |
| ² <https://bedfordlab.slack.com/archives/C01LCTT7JNN/p1706611647288939> | |
| ' .github/dependabot.yml |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment