🩹[Patch]: Update dependabot schedule and pin workflow to SHA (#14)

MariusStorhaug · web-flow · commit 7898774854c2 · 2026-01-22T15:47:13.000+01:00
Dependabot now checks for updates daily with a 7-day cooldown period,
reducing noise while maintaining timely security updates. The
Process-PSModule workflow is pinned to a specific commit SHA with
version comment for enhanced security and reproducibility.

## Dependabot Configuration

Updated the schedule from `weekly` to `daily` with a `cooldown` of 7
days. This means Dependabot will check for updates daily but will wait 7
days after a new version is released before creating a PR, helping to
avoid early adoption of potentially unstable releases.

```yaml
schedule:
  interval: daily
cooldown:
  default-days: 7
```

## Pinned Workflows

The reusable workflow is now pinned to a specific commit SHA with
version tag comment for traceability:

| Workflow | Version | Commit SHA |
|----------|---------|------------|
| `PSModule/Process-PSModule` | v5.4.1 |
`be7d5dcbceec14855d325fdd34f2a7c2f05a7f57` |
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -5,10 +5,12 @@
 
 version: 2
 updates:
-  - package-ecosystem: github-actions # See documentation for possible values
-    directory: / # Location of package manifests
+  - package-ecosystem: github-actions
+    directory: /
     labels:
       - dependencies
       - github-actions
     schedule:
-      interval: weekly
+      interval: daily
+    cooldown:
+      default-days: 7
diff --git a/.github/workflows/Process-PSModule.yml b/.github/workflows/Process-PSModule.yml
@@ -27,6 +27,6 @@ permissions:
 
 jobs:
   Process-PSModule:
-    uses: PSModule/Process-PSModule/.github/workflows/workflow.yml@v5
+    uses: PSModule/Process-PSModule/.github/workflows/workflow.yml@be7d5dcbceec14855d325fdd34f2a7c2f05a7f57 # v5.4.1
     secrets:
       APIKEY: ${{ secrets.APIKEY }}
