From 0cdd3948dd2d2794111e361afab2080bba6f0658 Mon Sep 17 00:00:00 2001
From: Eser DENIZ <srwiez@gmail.com>
Date: Tue, 19 May 2026 09:03:09 +0200
Subject: [PATCH] Add Dependabot config and CODEOWNERS

Forward-looking baseline ahead of any GitHub Actions workflows landing
in this repo. Once workflows exist, Dependabot will keep their pinned
SHAs up to date automatically (monthly, grouped, labelled).

Part of the fleet-wide hardening pass; same template used across the
knotsphp/* and SRWieZ/* repos.
---
 .github/CODEOWNERS     |  1 +
 .github/dependabot.yml | 15 +++++++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 .github/CODEOWNERS
 create mode 100644 .github/dependabot.yml

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..a9908fa
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+/.github/ @SRWieZ
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..8771be3
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,15 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+      time: "09:00"
+      timezone: "Europe/Paris"
+    labels:
+      - "dependencies"
+      - "ci"
+    groups:
+      github-actions:
+        patterns:
+          - "*"