CI: add dependabot scan

Add dependabot scan to warn and propose updates to our github actions.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644 (file)
index 0000000..41039d6
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,15 @@
+# Set update schedule for GitHub Actions
+
+version: 2
+updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      # Check for updates to GitHub Actions every week
+      interval: "weekly"
+    # Prefix all commit messages with "CI" plus its scope, that is, a
+    # list of updated dependencies
+    commit-message:
+      prefix: "CI"
+      include: "scope"