From 1a317f778651925e1a48e9d1f419540b080394cb Mon Sep 17 00:00:00 2001
From: Juee Himalbhai Desai
Date: Fri, 22 Mar 2024 14:50:40 -0700
Subject: [PATCH] .github: Add dependabot.yml file Enables dependabot tool and checks for any version updates to all the github actions weekly on Mondays. Dependabot.yml file needs to be in .github folder as opposed to .github/workflows like all other workflow yml files since .github folder is checked by github actions and also by OSSF scorecard.
Signed-off-by: Juee Himalbhai Desai
---
 .github/dependabot.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000000..e762f67dff6
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,15 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/" # Location of package manifests
+ schedule:
+ # Check for updates to GitHub Actions weekly on Monday
+ interval: "weekly"
+ time: "09:00"
+ timezone: "America/Los_Angeles"
+
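Review bot: The `schedule` block promises a Monday run in its comment, but no `day` key is set, so the Monday comes only from Dependabot's default for `interval: "weekly"`. Adding `day: "monday"` next to `interval` would make the config match its comment and the commit message. The inline comment on `directory: "/"` is template text; for the `github-actions` ecosystem it would be clearer as `# "/" makes Dependabot scan .github/workflows for action references`. Since every resulting pull request changes which third-party action code runs in CI, the header comment could also say that these PRs need a human review of the upstream change before merge. Whether the existing workflows reference actions by tag or by commit SHA is not visible from this patch.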