mirror of
https://github.com/johnkerl/miller.git
synced 2026-07-17 16:38:54 +00:00
The workflow pins all three codeql-action steps to the same commit SHA, but Dependabot was opening separate PRs per action path, so merging just one broke CI with a CodeQL config-version mismatch. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
25 lines
887 B
YAML
25 lines
887 B
YAML
# To get started with Dependabot version updates, you'll need to specify which
|
|
# package ecosystems to update and where the package manifests are located.
|
|
# Please see the documentation for all configuration options:
|
|
# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
|
|
|
|
version: 2
|
|
updates:
|
|
# Maintain dependencies for GitHub Actions
|
|
- package-ecosystem: "github-actions"
|
|
directory: "/"
|
|
schedule:
|
|
interval: "daily"
|
|
groups:
|
|
# The codeql-analysis.yml workflow pins init/autobuild/analyze to the
|
|
# same commit SHA, so they must be bumped together or CI breaks with a
|
|
# CodeQL config-version mismatch.
|
|
codeql-action:
|
|
patterns:
|
|
- "github/codeql-action/*"
|
|
|
|
# Maintain dependencies for Go
|
|
- package-ecosystem: "gomod"
|
|
directory: /
|
|
schedule:
|
|
interval: "daily"
|