ci: add dependabot, pin trivy-action@0.30.0, release no longer waits on scan

2026-04-12 09:10:32 +00:00 · 2026-02-24 10:48:06 +00:00
parent 761e08f168
commit 5f385dce45
3 changed files with 19 additions and 3 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,16 @@
+version: 2
+updates:
+  # GitHub Actions — обновляет версии actions в workflows
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+    labels: [dependencies, ci]
+
+  # Cargo — только security-апдейты, без шума от minor/patch
+  - package-ecosystem: cargo
+    directory: /
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 5
+    labels: [dependencies, rust]