Add note about dependabot

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
This commit is contained in:
CrazyMax 2020-08-20 17:26:50 +02:00
parent 5a5a14b000
commit 2c940cbaa1
No known key found for this signature in database
GPG Key ID: 3248E46B6BB8C7F7

View File

@ -16,6 +16,7 @@ ___
* [Usage](#usage)
* [Customizing](#customizing)
* [inputs](#inputs)
* [Keep up-to-date with GitHub Dependabot](#keep-up-to-date-with-github-dependabot)
* [Limitation](#limitation)
## Usage
@ -64,6 +65,22 @@ Following outputs are available
|---------------|---------|---------------------------------------|
| `platforms` | String | Available platforms (comma separated) |
## Keep up-to-date with GitHub Dependabot
Since [Dependabot](https://docs.github.com/en/github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot)
has [native GitHub Actions support](https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#package-ecosystem),
to enable it on your GitHub repo all you need to do is add the `.github/dependabot.yml` file:
```yaml
version: 2
updates:
# Maintain dependencies for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
```
## Limitation
This action is only available for Linux [virtual environments](https://docs.github.com/en/actions/reference/virtual-environments-for-github-hosted-runners#supported-virtual-environments-and-hardware-resources).