From df9afbe28a1dff24ffc0e4f58a6fcb1cf5560ac6 Mon Sep 17 00:00:00 2001
From: Tony Meyer <tony.meyer@canonical.com>
Date: Thu, 3 Oct 2024 14:19:40 +1300
Subject: [PATCH] ci: configure the labels for dependabot PRs (#1407)

For GitHub actions dependabot PRs: only use the `dependencies` label,
rather than both that and `github_actions`.

For pip (Python) dependabot PRs: we only have security dependabot PRs
enabled, so add the same label restriction (avoiding a `python` label)
but this requires adding a section to configure dependabot, and then
essentially disabling most of it by setting the maximum PRs to 0
(security PRs will still be opened).
---
 .github/dependabot.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
index 0e4b5c5e4..ac1d40ee7 100644
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@@ -4,3 +4,12 @@ updates:
     directory: "/"
     schedule:
       interval: "monthly"  # This is hard-coded to the 1st of the month
+    labels:
+      - "dependencies"
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 0  # Security updates only
+    labels:
+      - "dependencies"