From 29bfbc0ea64a2a1bd1482443904c05131443f7a8 Mon Sep 17 00:00:00 2001
From: Scott Brenner <scott@scottbrenner.me>
Date: Wed, 14 May 2025 08:40:54 -0700
Subject: [PATCH] infra: Dependabot configuration to update actions in workflow
 (#31026)

Noticed a few Actions used in the workflows here are outdated, proposing
a Dependabot configuration to update - reference
https://docs.github.com/en/actions/security-guides/using-githubs-security-features-to-secure-your-use-of-github-actions#keeping-the-actions-in-your-workflows-secure-and-up-to-date

Suggest enabling
https://docs.github.com/en/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners#enabling-or-disabling-for-your-repository
as well
---
 .github/dependabot.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000000..fcf1bd80182
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+# and
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"