From 12991b4d6c74c7431fef3ddbb83b6b8111d880f3 Mon Sep 17 00:00:00 2001
From: CrazyMax <crazy-max@users.noreply.github.com>
Date: Thu, 20 Aug 2020 17:31:36 +0200
Subject: [PATCH] Add note about dependabot

---
 README.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/README.md b/README.md
index a3f0712..0c7c71b 100644
--- a/README.md
+++ b/README.md
@@ -22,6 +22,7 @@ ___
   * [AWS Elastic Container Registry (ECR)](#gitlab)
 * [Customizing](#customizing)
   * [inputs](#inputs)
+* [Keep up-to-date with GitHub Dependabot](#keep-up-to-date-with-github-dependabot)
 * [Limitation](#limitation)
 * [How can I help?](#how-can-i-help)
 * [License](#license)
@@ -176,6 +177,22 @@ Following inputs can be used as `step.with` keys
 | `password`       | String  |                             | Password or personal access token used to log against the Docker registry |
 | `logout`         | Bool    | `true`                      | Log out from the Docker registry at the end of a job |
 
+## Keep up-to-date with GitHub Dependabot
+
+Since [Dependabot](https://docs.github.com/en/github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot)
+has [native GitHub Actions support](https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#package-ecosystem),
+to enable it on your GitHub repo all you need to do is add the `.github/dependabot.yml` file:
+
+```yaml
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+```
+
 ## Limitation
 
 This action is only available for Linux [virtual environments](https://help.github.com/en/articles/virtual-environments-for-github-actions#supported-virtual-environments-and-hardware-resources).