From 10dc8082cb5d49eb6a581374ca16d793589ddd52 Mon Sep 17 00:00:00 2001
From: matthew-pilot <matthew-pilot@users.noreply.github.com>
Date: Tue, 2 Jun 2026 18:46:09 +0000
Subject: [PATCH] fix: add Dependabot config for Go modules and GitHub Actions
 (PILOT-355)

Enables automated dependency updates for gomod and github-actions
ecosystems on a weekly schedule, with a 5-PR limit per ecosystem.

Note: notify-canary.yml workflow is in paths_denied (.github/workflows/**)
and will require a human to create manually. See ticket for template.
---
 .github/dependabot.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..f78906c
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,19 @@
+version: 2
+updates:
+  - package-ecosystem: gomod
+    directory: /
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 5
+    labels:
+      - dependencies
+      - go
+
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 5
+    labels:
+      - dependencies
+      - ci