From c4a87ae5d7f951f93e686b4e748a364670afc43d Mon Sep 17 00:00:00 2001
From: John Hill <john.c.hill@nasa.gov>
Date: Fri, 29 Oct 2021 09:22:02 -0700
Subject: [PATCH] Dependabot for linting and GHA (#4397)

* Dependabot for linting and GHA

* Update dependabot.yml

* Real-time updates were removed from dependabot beta

* label GHA bumps

* Ignore yaml changes on security scans
---
 .github/dependabot.yml                | 21 +++++++++++++++++++++
 .github/workflows/codeql-analysis.yml |  2 ++
 2 files changed, 23 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000000..581395acd9
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,21 @@
+
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"  
+    open-pull-requests-limit: 2
+    labels:
+      - "type:maintenance"
+      - "dependencies"
+    allow:
+      - dependency-name: "^.*eslint.*$"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"    
+    labels:
+      - "type:maintenance"
+      - "dependencies"
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 804866ca5a..6b95a70113 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -10,6 +10,8 @@ on:
       - '**/*Spec.js'
       - '**/*.md'
       - '**/*.txt'
+      - '**/*.yml'
+      - '**/*.yaml'
   schedule:
     - cron: '28 21 * * 3'