add an actions job with grouping

Author: jakecoffman

.github/dependabot/actions.yml

@@ -0,0 +1,28 @@
+# This is the input to Dependabot CLI.
+# For more examples of what you can do, see the smoke tests: https://github.com/dependabot/smoke-tests/tree/main/tests
+
+job:
+  # this is the directory defined in dependabot-core for the ecosystem
+  package-manager: github_actions
+  allowed-updates:
+    - dependency-type: direct
+      update-type: all
+  source:
+    provider: github
+    repo: dependabot/example-cli-usage
+    directory: "*/**"
+    branch: main
+  dependency-groups:
+    - name: everything
+      rules:
+        patterns:
+          - "*"
+# credentials are optional, but are used to authenticate with private repos and registries when provided
+credentials:
+  - type: git_source
+    # Most credentials take a url or host
+    host: github.com
+    # Credentials will be either username/password or token
+    username: x-access-token
+    # Dependabot CLI will inject secrets from the environment
+    password: $GITHUB_TOKEN

.github/dependabot/go.yml

@@ -2,7 +2,7 @@
 # For more examples of what you can do, see the smoke tests: https://github.com/dependabot/smoke-tests/tree/main/tests
 
 job:
-  # this is the directory defined in dependabot-core
+  # this is the directory defined in dependabot-core for the ecosystem
   package-manager: go_modules
   allowed-updates:
     - dependency-type: direct

.github/workflows/example.yml

@@ -28,7 +28,8 @@ jobs:
           # GITHUB_TOKEN shows an example of how Dependabot CLI can be used with secrets.
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          ./dependabot update -f .github/dependabot/go.yml --timeout 20m > result.jsonl
+          ./dependabot update -f .github/dependabot/go.yml --timeout 20m > result.jsonl || true
+          ./dependabot update -f .github/dependabot/actions.yml --timeout 20m >> result.jsonl || true
 
       - name: Upload result
         uses: actions/upload-artifact@v4