How do I use Dependabot to keep this action up to date?

[JamesIves]

The README mentions using Dependabot to keep the action up to date. How do I do this?

[JamesIves]

To have Dependabot create version bump pull requests within your project simply add a .github/dependabot.yml file with the following:

version: 2
updates:
  - package-ecosystem: github-actions
    directory: '/'
    schedule:
      interval: daily
      time: '10:00'
    open-pull-requests-limit: 10

Dependabot will create daily checks against your project and make pull requests for you increasing the version number whenever a newer iteration of the action is available. You can learn more about Dependabot here.

[yanntm]

The problem is that you get flooded every few days with a bunch of notifications because the rythm of releases is random, but very tight.

Honestly, could you limit yourself to maybe one (stable) release per month ?
I know I could simply lower the frequency of dependabot checks but that also affects other actions I use.

This is my screen (the first page of) these days when I click notifications...

[JamesIves]

This project is maintained in my spare time and as a result releases are going to happen when I have time to make them. I'm not going to consider changing that because of the GitHub notification system.

[yanntm]

Hi, yes thanks a lot for your work on this action as my post shows I'm using it in practically all my workflows.
ofc I understand this is not your primary job. Too bad that such actions are not provided and maintained by Microsoft/GH.
Anyway, this is a side effect of quick releases which shows the action is maintained and updated, so I guess I'm happy about that.
Thanks again for this contribution to the community.