From 2a5c87474dc468eb1ef2625a5ab896f672329804 Mon Sep 17 00:00:00 2001
From: Brendan <2bndy5@gmail.com>
Date: Thu, 9 Oct 2025 16:35:54 -0700
Subject: [PATCH] build(dev): enable dependabot for automatic updates

Only for GitHub actions in CI workflows.

Managing Python dependencies in this project seems to be manual driven.
It can be enabled (un-commented) later, if desired.
I just didn't want to cause PR spam.

To reduce perceivable spam, I set the "auto-check for updates" schedule to monthly.
Note, dependabot will automatically close or update any outdated PRs that it opened.
---
 .github/dependabot.yml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..faf726ef
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,25 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: "monthly"
+    commit-message:
+      prefix: "chore(CI):"
+    groups:
+      actions:
+        patterns:
+          - "*"
+  # - package-ecosystem: pip
+  #   directory: .github/
+  #   schedule:
+  #     interval: "monthly"
+  #   groups:
+  #     pip:
+  #       patterns:
+  #         - "*"