
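This version of GitHub Enterprise Server will be discontinued on 2026-03-17. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.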

Keeping your actions up to date with Dependabot

You can use Dependabot to keep the actions you use updated to the latest versions.

Who can use this feature?

Users with write access

Note

Your site administrator must set up Dependabot updates for your GitHub Enterprise Server instance before you can use this feature. For more information, see Enabling Dependabot for your enterprise.

You may not be able to enable or disable Dependabot updates if an enterprise owner has set a policy at the enterprise level. For more information, see Enforcing policies for code security and analysis for your enterprise.

When you enable Dependabot version updates for GitHub Actions, Dependabot will help ensure that references to actions in a repository's workflow.yml file and reusable workflows used inside workflows are kept up to date. For more information, see About Dependabot version updates.

Enabling Dependabot version updates for actions

  1. If you have already enabled Dependabot version updates for other ecosystems or package managers, simply open the existing dependabot.yml file. Otherwise, create a dependabot.yml configuration file in the .github directory of your repository. For more information, see Configuring Dependabot version updates.
  2. Specify "github-actions" as a package-ecosystem to monitor.
  3. Set the directory to "/" to check for workflow files in .github/workflows.
  4. Set a schedule.interval to specify how often to check for new versions.
  5. Check the dependabot.yml configuration file in to the .github directory of the repository. If you have edited an existing file, save your changes.

You can also enable Dependabot version updates on forks. For more information, see Configuring Dependabot version updates.

Example dependabot.yml file for GitHub Actions

The example dependabot.yml file below configures version updates for GitHub Actions. The directory must be set to "/" to check for workflow files in .github/workflows. The schedule.interval is set to "weekly". After this file has been checked in or updated, Dependabot checks for new versions of your actions. Dependabot will raise pull requests for version updates for any outdated actions that it finds. After the initial version updates, Dependabot will continue to check for outdated versions of actions once a week.

YAML
# Set update schedule for GitHub Actions

version: 2
updates:

  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      # Check for updates to GitHub Actions every week
      interval: "weekly"

Configuring Dependabot version updates for actions

When enabling Dependabot version updates for actions, you must specify values for package-ecosystem, directory, and schedule.interval. There are many more optional properties that you can set to further customize your version updates. For more information, see Dependabot options reference.
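As an added example (not part of the original documentation or GitHub's own tooling), the following pre-merge check reports when a parsed dependabot.yml lacks a "github-actions" entry or is missing the required directory and schedule.interval values described above. The function names, the constructed sample mappings, and the use of PyYAML to read a real file are assumptions.

```python
"""Pre-merge check for the github-actions entry in .github/dependabot.yml."""
import sys

REQUIRED_DIRECTORY = "/"  # per this page: "/" checks .github/workflows


def check_actions_updates(config):
    """Return a list of problems found in a parsed dependabot.yml mapping."""
    updates = (config or {}).get("updates") or []
    entries = [u for u in updates
               if isinstance(u, dict)
               and u.get("package-ecosystem") == "github-actions"]
    if not entries:
        return ['no entry with package-ecosystem: "github-actions"']
    problems = []
    for entry in entries:
        directory = entry.get("directory")
        if directory is None:
            problems.append("directory is missing")
        elif directory != REQUIRED_DIRECTORY:
            problems.append(f'directory is {directory!r}, expected "/"')
        schedule = entry.get("schedule")
        interval = schedule.get("interval") if isinstance(schedule, dict) else None
        if not interval:
            problems.append("schedule.interval is missing")
    return problems


# Constructed sample: an existing file that tracks npm but not yet actions.
SAMPLE_BEFORE = {"version": 2, "updates": [
    {"package-ecosystem": "npm", "directory": "/",
     "schedule": {"interval": "daily"}}]}
# Constructed sample: the same file after adding the entry from this page.
SAMPLE_AFTER = {"version": 2, "updates": SAMPLE_BEFORE["updates"] + [
    {"package-ecosystem": "github-actions", "directory": "/",
     "schedule": {"interval": "weekly"}}]}


def main(path=".github/dependabot.yml"):
    import yaml  # PyYAML (assumed installed); only needed to read a real file
    with open(path, encoding="utf-8") as fh:
        problems = check_actions_updates(yaml.safe_load(fh))
    for problem in problems:
        print(f"{path}: {problem}")
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(*sys.argv[1:2]))
```

Run from the repository root, the script exits non-zero when the configuration would leave workflow action references unmonitored, so it can gate a pull request that edits dependabot.yml.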
