From ecd30aa680b188340ffa3e22550246288a279f11 Mon Sep 17 00:00:00 2001
From: Avnish Pratap Singh <as74@sanger.ac.uk>
Date: Tue, 1 Oct 2024 09:31:40 +0100
Subject: [PATCH] Added dependabot.yml to auto-update GitHub actions

---
 .github/dependabot.yml | 10 ++++++++++
 CHANGELOG.md           |  1 +
 2 files changed, 11 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..619e9bd
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,10 @@
+# Referenced from:
+# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
+
+version: 2
+updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3d59c27..6e797b0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ### Added
 
+* Added .github/dependabot.yml file to auto-update GitHub actions
 * Implemented the `create_token` action. Provided the caller has an admin token,
   this action generates and returns a new pipeline-specific token.