From c6a9ebb4f463734940428044a7f57a4844488720 Mon Sep 17 00:00:00 2001
From: Jamie Wilkinson <jamie.wilkinson1@digital.cabinet-office.gov.uk>
Date: Fri, 16 May 2025 15:46:47 +0100
Subject: [PATCH] Schedule dependabot updates every Sunday

Dependabot updates are getting burdensome. Dependabot docs recommend
scheduling updates to reduce this workload somewhat. The goal here is
that the week's dependabot PRs would all be raised at the beginning of
the working week, giving us time to sort them out before more get
raised the following week. Security updates should still get raised
along with associated security alerts.

In future we could also use groups to e.g. gather all dev dependencies
into a single PR.
---
 .github/dependabot.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index ee3cbb65..e79a0f66 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -9,12 +9,14 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
+      day: "sunday"
     open-pull-requests-limit: 10
 
   # Maintain dependencies for Ruby/Rails bundler
   - package-ecosystem: "bundler"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
+      day: "sunday"
     open-pull-requests-limit: 10