From f12fa13a25837c91e535faccaafb81c21ad16611 Mon Sep 17 00:00:00 2001 From: Tobias Grothe Date: Tue, 7 Jan 2025 22:03:30 +0100 Subject: [PATCH] Add dependency review workflow and update Dependabot interval - Introduce a GitHub Actions workflow to perform dependency reviews on pull request events targeting the main branch. - Utilize the `actions/checkout@v4` and `actions/dependency-review-action@v4` actions. - Update Dependabot configuration to check for Gradle dependency updates on a weekly interval. Changes to be committed: modified: .github/dependabot.yml modified: .github/workflows/dependency-review.yml --- .github/dependabot.yml | 2 +- .github/workflows/dependency-review.yml | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 9eea8b2..d3aaefb 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -8,4 +8,4 @@ updates: - package-ecosystem: "gradle" # See documentation for possible values directory: "/" # Location of package manifests schedule: - interval: "daily" + interval: "weekly" # How often to check for updates diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 5db777e..9a8b350 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -1,8 +1,6 @@ name: 'Dependency review' on: - push: - branches: [ "main" ] pull_request: branches: [ "main" ]