From 6716d37742ea31b884c1d4ff9992333149ef2176 Mon Sep 17 00:00:00 2001
From: Anders Eknert <anders@styra.com>
Date: Wed, 20 Nov 2024 14:44:50 +0100
Subject: [PATCH] Less frequent, and grouped dependabot updates (#1271)

Monthly may seem like an excaggeration, but our only real dependency
is OPA, and we update that anyway. The rest are just peripheral anyway,
and security related updates will be suggested immediately regardless.

Signed-off-by: Anders Eknert <anders@styra.com>
---
 .github/dependabot.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 5dd4e486..f73772e1 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,11 +3,15 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
   - package-ecosystem: "gomod"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "monthly"
     ignore:
       # update OPA manually to bump version in README too
       - dependency-name: "github.com/open-policy-agent/opa"
+    groups:
+      dependencies:
+        patterns:
+          - "*"