author: Evgeny Vereshchagin <evvers@ya.ru> 2021-11-11 01:56:02 +0000
committer: Evgeny Vereshchagin <evvers@ya.ru> 2021-11-11 10:19:06 +0000
commit: 5570313421a27bd8a7a7e04de975e64769df8cf8
tree: 9df4e130db6f9bcf6a29ecb99ab3af61237c7694 /.github/dependabot.yml
parent: 33796123bccabdcc91ee9b87b5c042710bf50362
download: systemd-5570313421a27bd8a7a7e04de975e64769df8cf8.tar.gz
ci: pin labeler
Turns out GHActions where `pull_request_target` is used are capable of pwning repositories:
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

labeler doesn't check out the source code or build anything, so it's safe in its current form, but to avoid surprises let's just pin it to the latest version.

It's annoying to manage dependencies like this manually, so additionally dependabot.yml is introduced to make it easier to keep GHActions up to date more or less automatically:
https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot
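As an added example (my own code, not systemd's and not part of this commit), the following Python script audits a workflow file for the two things the commit message is concerned with: whether the workflow runs on the privileged `pull_request_target` event, and whether each `uses:` reference is pinned to an immutable full commit SHA rather than a movable tag such as `@v3`. It is line-oriented on purpose so it needs no YAML library. Both sample workflows are constructed for this example and are not systemd's labeler workflow; the 40-hex value in the second one is a placeholder, not a real `actions/labeler` commit.

```python
import re
from dataclasses import dataclass

# Added example, not systemd code: a line-oriented audit of a GitHub Actions
# workflow. It reports whether the workflow triggers on pull_request_target and
# whether every `uses:` reference is pinned to a full (immutable) commit SHA.

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-fA-F]{40}$")
# A trigger entry: `pull_request_target:` in mapping form, or inside `on: [...]`.
PRT_RE = re.compile(
    r"^\s*(?:-\s*)?pull_request_target\s*:?\s*$"
    r"|^\s*on:\s*(?:\[.*\bpull_request_target\b.*\]|pull_request_target\s*$)"
)


@dataclass
class UsesRef:
    line: int
    ref: str
    status: str  # "sha" (immutable), "mutable" (tag/branch), "local", "docker"


def classify(ref: str) -> str:
    """Classify one `uses:` value by how its version is addressed."""
    if ref.startswith("./"):
        return "local"      # action from this repo, same revision as the workflow
    if ref.startswith("docker://"):
        return "docker"     # image reference; pin by digest separately
    _, _, version = ref.rpartition("@")   # no "@" -> version is the whole ref
    return "sha" if FULL_SHA_RE.match(version) else "mutable"


def audit(workflow_text: str):
    """Return (uses_pull_request_target, [UsesRef, ...]) for a workflow file."""
    uses_prt = False
    refs = []
    for n, raw in enumerate(workflow_text.splitlines(), 1):
        line = raw.split("#", 1)[0]         # drop trailing YAML comments
        if PRT_RE.match(line):
            uses_prt = True
        m = USES_RE.match(line)
        if m:
            refs.append(UsesRef(n, m.group(1), classify(m.group(1))))
    return uses_prt, refs


def unpinned(workflow_text: str):
    """References that float on a tag or branch, i.e. what pinning by SHA fixes."""
    return [r.ref for r in audit(workflow_text)[1] if r.status == "mutable"]


def is_risky(workflow_text: str) -> bool:
    """True when a pull_request_target workflow pulls in a mutable action."""
    uses_prt, refs = audit(workflow_text)
    return uses_prt and any(r.status == "mutable" for r in refs)


# Constructed sample workflows (not systemd's); the SHA is a placeholder.
FLOATING_TAG = """\
name: "Pull Request Labeler"
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/labeler@v3
        with:
          repo-token: "${{ secrets.GITHUB_TOKEN }}"
"""

SHA_PINNED = """\
name: "Pull Request Labeler"
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/labeler@a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2  # v3.0.2
        with:
          repo-token: "${{ secrets.GITHUB_TOKEN }}"
      - uses: ./.github/actions/post-label
"""

if __name__ == "__main__":
    for name, text in (("floating tag", FLOATING_TAG), ("sha pinned", SHA_PINNED)):
        prt, refs = audit(text)
        print(f"{name}: pull_request_target={prt} risky={is_risky(text)}")
        for r in refs:
            print(f"  line {r.line}: {r.ref} -> {r.status}")
```

The `@<sha>  # v3.0.2` form in the second sample is the shape worth adopting: the SHA is what actually runs, so a retagged or compromised release cannot change it underneath the workflow, while the trailing version comment is what Dependabot's `github-actions` ecosystem uses to recognise the pin and propose an updated SHA when a new release appears.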
Diffstat (limited to '.github/dependabot.yml')
-rw-r--r--  .github/dependabot.yml | 6
1 file changed, 6 insertions, 0 deletions
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000000..123014908b
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
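Review bot: with `package-ecosystem: "github-actions"` Dependabot will keep bumping whatever form of reference the workflow uses, so the protection this gives depends on what labeler is pinned to in the workflow itself; a tag such as `@v3` is mutable and can be moved to different code without this config noticing, whereas a full commit SHA with a trailing `# vX.Y.Z` comment is immutable and still gets update PRs from Dependabot. Since the commit message's stated goal is to avoid surprises from the action, suggest pinning labeler by SHA in the workflow rather than "to the latest version" tag. Minor: `interval: "daily"` is the noisiest setting for a single action; `"weekly"` is usually enough for actions updates and avoids a stream of near-identical PRs.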