From 85ed2a22f22bf5156644b74ffe5d3ab1e9a14606 Mon Sep 17 00:00:00 2001
From: Alexander Entinger <consulting@lxrobotics.com>
Date: Fri, 16 Feb 2024 08:33:20 +0100
Subject: [PATCH] Configure Dependabot to check for outdated actions used in
 workflows

Dependabot will periodically check the versions of all actions used in the repository's workflows. If any are found to
be outdated, it will submit a pull request to update them.

NOTE: Dependabot's PRs will occasionally propose to pin to the patch version of the action (e.g., updating
 to ). When the action author has provided a major version ref, use that instead
(e.g., ). Dependabot will automatically close its PR once the workflow has been updated.

More information:
https://docs.github.com/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
---
 .github/dependabot.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..03b0e93f
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,13 @@
+# See: https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#about-the-dependabotyml-file
+version: 2
+
+updates:
+  # Configure check for outdated GitHub Actions actions in workflows.
+  # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/dependabot/README.md
+  # See: https://docs.github.com/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
+  - package-ecosystem: github-actions
+    directory: /.github/workflows/
+    schedule:
+      interval: daily
+    labels:
+      - "topic: infrastructure"