From 442032c574a89651fa62b6695e024b173061932b Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Sat, 18 May 2024 06:54:23 +0000
Subject: ci: make dependabot updates monthly and bump PR limit (#6338)

It is currently only used for GitHub Actions.  The ones used in this
project rarely ever contain notable changes in their changelogs (in a
way that would cause a noticeable difference in our CI).

Also, there are weeks when most/all of the PR/commit activity is from
dependabot PRs being opened/merged.  For example, see the output of the
following command:

    git log --no-decorate --oneline 9a0db13e12..bef085035

So change the checks from weekly to monthly to reduce the noise.

Additionally, bump `open-pull-requests-limit` to 4, as it seems that we
only have 4 dependencies:

    $ git grep 'uses:' -- .github/ | sed -E 's/.*(uses: .*)@.*/\1/' |
      LC_ALL=C sort -u
    uses: actions/checkout
    uses: github/codeql-action/analyze
    uses: github/codeql-action/init
    uses: step-security/harden-runner

This should ensure that PRs can be opened against all of them when the
dependabot check is run.
---
 .github/dependabot.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to '.github/dependabot.yml')

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 30242923d..7335f1eb2 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,5 +3,5 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 2
+      interval: "monthly"
+    open-pull-requests-limit: 4
-- 
cgit v1.2.3-70-g09d2