Skip to content

update dependabot.yml #12

update dependabot.yml

update dependabot.yml #12

# The name used in the GitHub UI for the workflow
name: "update dependabot.yml"
# When to run this action:
# - Scheduled to run at 5 AM every Monday.
# - Manually runnable from the GitHub UI with a reason
on:
schedule:
- cron: "0 5 * * 1" # 5 AM every Monday.
workflow_dispatch:
inputs:
reason:
description: "The reason for running the workflow"
required: true
default: "Manual run"
# Run on the latest version of Ubuntu
permissions:
contents: read
jobs:
dependabot-bot:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
# Checkout the repo into the workspace within the VM
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
# - name: Setup .NET
# uses: actions/setup-dotnet@4d4a70f4a5b2a5a5329f13be4ac933f2c9206ac0
# with:
# dotnet-version: 7.0.x
# dotnet-quality: 'preview'
# If triggered manually, print the reason why
- name: "Print manual run reason"
if: ${{ github.event_name == 'workflow_dispatch' }}
run: |
echo "Reason: ${{ github.event.inputs.reason }}"
# Run the .NET dependabot-bot tool
- name: dependabot-bot
id: dependabot-bot
uses: dotnet/docs-tools/actions/dependabot-bot@5e8bcc78465d45a7544bba56509a1a69922b6a5a # main
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
root-directory: "/github/workspace"
dependabot-yml-path: ".github/dependabot.yml"
- name: Create pull request
if: github.event_name == 'workflow_dispatch' || github.repository_owner == 'dotnet'
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
with:
branch: create-dependabotconfig-pull-request/patch
title: "Update dependabot.yml - automatically."
body: ".NET dependabot-bot automated PR. 🤖"
commit-message: ".NET dependabot-bot automated PR."