GHA: enable dependabot GHA updates, narrow CodeQL to just Python

https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot hoping dependabot will upgrade our CodeQL from v1 to v2 https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/
snarfed · Dec 2, 2024 · 298d83e · 298d83e
1 parent 23e0323
commit 298d83e
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -8,3 +8,8 @@ updates:
       interval: "daily"
     allow:
       - dependency-type: "all"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -19,7 +19,7 @@ jobs:
       matrix:
         # Override automatic language detection by changing the below list
         # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
-        language: ['python', 'javascript']
+        language: ['python']
         # Learn more...
         # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection