github: Set up Dependabot to manage HashiCorp-owned Actions versions (#128)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index eed0ba6..083d5d9 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -5,3 +5,20 @@
schedule:
interval: "daily"
labels: ["dependencies"]
+ - package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: weekly
+ labels:
+ - dependencies
+ # only update HashiCorp actions, external actions managed by TSCCR
+ allow:
+ - dependency-name: hashicorp/*
+ groups:
+ github-actions-breaking:
+ update-types:
+ - major
+ github-actions-backward-compatible:
+ update-types:
+ - minor
+ - patch
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 3ac2de3..f72e7b7 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -22,7 +22,7 @@
- name: Checkout Repo
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Install copywrite
- uses: hashicorp/setup-copywrite@v1.1.2
+ uses: hashicorp/setup-copywrite@867a1a2a064a0626db322392806428f7dc59cb3e # v1.1.2
- name: Validate Header Compliance
run: copywrite headers --plan
@@ -51,4 +51,4 @@
- name: Go mod verify
run: go mod verify
- name: Run tests
- run: go test -v ./...
\ No newline at end of file
+ run: go test -v ./...
