Today I Learned: collection of notes, tips and tricks and stuff I learn from day to day working with computers and technology as an open source contributor and product manager

View project on GitHub

Use dependabot for GitHub Actions

You can get Dependabot to help you with keeping your GitHub Actions workflows up to date

# Basic dependabot.yml file 
# REF: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-actions-up-to-date-with-dependabot

version: 2
  # Enable version updates for GitHub Actions
  - package-ecosystem: "github-actions"
    # Look for `.github/workflows` in the `root` directory
    directory: "/"
    # Check for updates once a week
      interval: "weekly"

Resources and References