From 9a4df5d2fb0254daf6f270e96c090dd68e002df6 Mon Sep 17 00:00:00 2001
From: Steffen Neubauer <steffen@garden.io>
Date: Mon, 6 Mar 2023 12:00:39 +0100
Subject: [PATCH] ci(dependabot): add dependabot docker ecosystem (#3885)

This means more dependabot PRs, and hopefully less manual work keeping Dockerfiles up to date.

In some cases careful testing will be required before merging Docker PRs but at least we have a to-do list in the form of dependabot PRs.

We do not use dependabot with npm yet because our build process is currently incompatible with "pure ESM build" dependencies.  See also  https://github.com/garden-io/garden/issues/3841
---
 .github/dependabot.yml | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 4d5a58b066..4fba6fc767 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -5,9 +5,22 @@
 
 version: 2
 updates:
-  # Maintain dependencies for GitHub Actions
+  # Automatically update GitHub Actions
   - package-ecosystem: "github-actions"
+    directory: "/"
+    open-pull-requests-limit: 5
+    schedule:
+      interval: "weekly"
+  # Automatically update Dockerfile FROM images
+  - package-ecosystem: "docker"
     directory: "/"
     open-pull-requests-limit: 5
     schedule:
       interval: "daily"
+  # TODO: Consider enabling the NPM package ecosystem once we have fixed our build process to support pure ESM build dependencies, see also https://github.com/garden-io/garden/issues/3841
+  # Automatically update NPM packages
+  # - package-ecosystem: "npm"
+  #   directory: "/"
+  #   open-pull-requests-limit: 5
+  #   schedule:
+  #     interval: "daily"