From e12e4a25e5eeded6c46f0fdd2b93ac9bea65e822 Mon Sep 17 00:00:00 2001
From: per1234
Date: Fri, 16 Jul 2021 02:03:11 -0700
Subject: [PATCH] Configure Dependabot for updates to production branch deps
Since we already have the Dependabot infrastructure in place for managing dependencies of the project's Go code and GitHub Actions workflows, it makes sense to do the same for the newly introduced Go and Python dependencies as well. This configuration is applied to the `production` branch (using the `target-branch` key), but it must be added to the configuration file in the default branch (`main`) because Dependabot only pays attention to the default branch's configuration file. Reference: https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#about-the-dependabotyml-file
---
 .github/dependabot.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index f28baaaf..691a8c15 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -17,3 +17,17 @@ updates:
 interval: daily
 labels:
 - "topic: infrastructure"
+ - package-ecosystem: gomod
+ target-branch: production
+ directory: /.github/workflows/assets/validate-registry/
+ schedule:
+ interval: daily
+ labels:
+ - "topic: infrastructure"
+ - package-ecosystem: pip
+ target-branch: production
+ directory: /
+ schedule:
+ interval: daily
+ labels:
+ - "topic: infrastructure"
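Review bot: The two new entries that set `target-branch: production` carry no comment saying why they live in the default branch's file or what they leave uncovered, so a later maintainer could delete them as duplicates or assume they give security coverage for that branch. As far as GitHub documents it, an entry with `target-branch` drives version updates only, and Dependabot alerts and security updates are computed from the default branch, so a vulnerable Go or Python dependency that exists only on `production` would be caught only by the daily version bump. I would add above the gomod entry `# Applies to the production branch; kept here because Dependabot only reads the default branch's config. Version updates only.` It is also worth confirming that `production` really has a pip manifest at `/` and a go.mod under the validate-registry directory, since neither is visible in this patch.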