From f33e35ef075dd4db53b2b36397efe5def5b9d9cb Mon Sep 17 00:00:00 2001
From: Niels de Vos <ndevos@redhat.com>
Date: Tue, 12 Apr 2022 11:39:04 +0200
Subject: [PATCH] github: add Dependabot for managing versions in go.mod

Dependabot can automatically create PRs for packages that have have a
new release. By depending on recent versions of the consumed packages,
the result of the OpenSSF scorecard will improve.

See-also: https://deps.dev/go/github.com%2Fceph%2Fgo-ceph/
Signed-off-by: Niels de Vos <ndevos@redhat.com>
---
 .github/dependabot.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..ffaf1f5
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+---
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    rebase-strategy: "disabled"
+    labels:
+      - rebase
+    commit-message:
+      prefix: "rebase"