Merge pull request #535 from Rohini-Microsoft/ckm-v2

ci: Add dependabot.yml file for dependabot Configuration to Accelerators Without Existing Setup

Author: Roopan-Microsoft

.github/dependabot.yml

@@ -0,0 +1,56 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+version: 2
+
+updates:
+  # GitHub Actions - grouped
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    target-branch: "dependabotchanges"
+    commit-message:
+      prefix: "build"
+    open-pull-requests-limit: 10
+    groups:
+      github-actions:
+        patterns:
+          - "*"
+
+  # Python backend dependencies - grouped
+  - package-ecosystem: "pip"
+    directory: "/src/api"
+    schedule:
+      interval: "monthly"
+    target-branch: "dependabotchanges"
+    commit-message:
+      prefix: "build"
+    open-pull-requests-limit: 10
+    groups:
+      backend-deps:
+        patterns:
+          - "*"
+
+  # Frontend npm dependencies - grouped
+  - package-ecosystem: "npm"
+    directory: "/src/App"
+    schedule:
+      interval: "monthly"
+    target-branch: "dependabotchanges"
+    commit-message:
+      prefix: "build"
+    open-pull-requests-limit: 10
+    registries:
+      - npm_public_registry
+    groups:
+      frontend-deps:
+        patterns:
+          - "*"
+
+registries:
+  npm_public_registry:
+    type: "npm-registry"
+    url: "https://registry.npmjs.org/"
+    token: ${{ secrets.TOKEN }}