.github/dependabot.yml

# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
#Basic set up for three package managers

version: 2

enable-beta-ecosystems: true

updates:

  # Maintain dependencies for GitHub Actions
  - package-ecosystem: "github-actions"
    # Workflow files stored in the default location of `.github/workflows`. (You don't need to specify `/.github/workflows` for `directory`. You can use `directory: "/"`.)
    directory: "/"
    schedule:
      interval: "daily"

      # Check for npm updates at 9am UTC
      time: "01:00"

    allow:
      # Allow both direct and indirect updates for all packages
      - dependency-type: "all"

    pull-request-branch-name:
      # Separate sections of the branch name with a hyphen
      # for example, `dependabot-npm_and_yarn-next_js-acorn-6.4.1`
      separator: "-"

  # Maintain dependencies for npm
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"

      # Check for npm updates at 9am UTC
      time: "01:00"

    allow:
      # Allow both direct and indirect updates for all packages
      - dependency-type: "all"

    pull-request-branch-name:
      # Separate sections of the branch name with a hyphen
      # for example, `dependabot-npm_and_yarn-next_js-acorn-6.4.1`
      separator: "-"

   # Maintain dependencies for Composer
  - package-ecosystem: "composer"
    directory: "/"
    schedule:
      interval: "daily"

      # Check for npm updates at 9am UTC
      time: "01:00"

    allow:
      # Allow both direct and indirect updates for all packages
      - dependency-type: "all"

    pull-request-branch-name:
      # Separate sections of the branch name with a hyphen
      # for example, `dependabot-npm_and_yarn-next_js-acorn-6.4.1`
      separator: "-"

   # Maintain dependencies for Bundler
  - package-ecosystem: "bundler"
    directory: "/"
    schedule:
      interval: "daily"

      # Check for npm updates at 9am UTC
      time: "01:00"

    allow:
      # Allow both direct and indirect updates for all packages
      - dependency-type: "all"

    pull-request-branch-name:
      # Separate sections of the branch name with a hyphen
      # for example, `dependabot-npm_and_yarn-next_js-acorn-6.4.1`
      separator: "-"


   # Maintain dependencies for Pip
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "daily"

      # Check for npm updates at 9am UTC
      time: "01:00"

    allow:
      # Allow both direct and indirect updates for all packages
      - dependency-type: "all"

    pull-request-branch-name:
      # Separate sections of the branch name with a hyphen
      # for example, `dependabot-npm_and_yarn-next_js-acorn-6.4.1`
      separator: "-"


   # Maintain dependencies for Pub
  - package-ecosystem: "pub"
    directory: "/"
    schedule:
      interval: "daily"

      # Check for npm updates at 9am UTC
      time: "01:00"

    allow:
      # Allow both direct and indirect updates for all packages
      - dependency-type: "all"

    pull-request-branch-name:
      # Separate sections of the branch name with a hyphen
      # for example, `dependabot-npm_and_yarn-next_js-acorn-6.4.1`
      separator: "-"


   # Maintain dependencies for Docker
  - package-ecosystem: "docker"
    directory: "/"
    schedule:
      interval: "daily"

      # Check for npm updates at 9am UTC
      time: "01:00"

    allow:
      # Allow both direct and indirect updates for all packages
      - dependency-type: "all"

    pull-request-branch-name:
      # Separate sections of the branch name with a hyphen
      # for example, `dependabot-npm_and_yarn-next_js-acorn-6.4.1`
      separator: "-"


# Use this YAML in your workflow file for each job
# runs-on: self-hosted