From 0dff2ecea6720b4e7ce307e587cfa7f942e4210f Mon Sep 17 00:00:00 2001
From: Hidde Beydals <hidde@hhh.computer>
Date: Mon, 11 Sep 2023 23:40:28 +0200
Subject: [PATCH] Enable Dependabot for Docker, GH Actions and Go

This enables Dependabot using three groups, one for container images,
one for GitHub Actions, and one for Go Modules.

In the future, we may want to split the Go Modules into multiple
groups. For example, one for each key source with a misc catch-all
group for any other dependency.

xref: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates#grouping-dependabot-version-updates-into-one-pull-request

Signed-off-by: Hidde Beydals <hidde@hhh.computer>
---
 .github/dependabot.yaml | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 .github/dependabot.yaml

diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
new file mode 100644
index 000000000..3d99d33af
--- /dev/null
+++ b/.github/dependabot.yaml
@@ -0,0 +1,41 @@
+version: 2
+
+updates:
+  - package-ecosystem: "docker"
+    directory: "/"
+    labels: ["dependencies"]
+    schedule:
+      # By default, this will be on a Monday.
+      interval: "weekly"
+    groups:
+      # Group all updates together, so that they are all applied in a single PR.
+      # xref: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups
+      docker:
+          patterns:
+          - "*"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    labels: ["area/CI", "dependencies"]
+    schedule:
+      # By default, this will be on a Monday.
+      interval: "weekly"
+    groups:
+      # Group all updates together, so that they are all applied in a single PR.
+      # xref: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups
+      ci:
+        patterns:
+          - "*"
+
+  - package-ecosystem: "gomod"
+    directory: "/"
+    labels: ["dependencies"]
+    schedule:
+      # By default, this will be on a Monday.
+      interval: "weekly"
+    groups:
+      # Group all updates together, so that they are all applied in a single PR.
+      # xref: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups
+      go:
+        patterns:
+          - "*"