From 477daaf45f8f697ae32379cfb2c64011ecdf39ed Mon Sep 17 00:00:00 2001
From: marko-bekhta
Date: Tue, 4 Feb 2025 21:25:05 +0100
Subject: [PATCH 1/2] Enable GitHub actions dependency updates
---
 .github/dependabot.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 8338fe7..de2adfa 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -10,3 +10,14 @@ updates:
 - "*maven*plugin*"
 - "*plexus*"
 - "org.apache.maven*:*"
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: monthly
+ groups:
+ workflow-actions:
+ patterns:
+ - "*"
+ allow:
+ - dependency-name: "actions/*"
+ - dependency-name: "redhat-actions/*"
From 9d000e1b77ecd320854e66b12041800000b08fa8 Mon Sep 17 00:00:00 2001
From: marko-bekhta
Date: Tue, 4 Feb 2025 21:27:08 +0100
Subject: [PATCH 2/2] Use SHA instead of versions in GH actions
---
 .github/workflows/build.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a0ae78a..56ef21a 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -22,10 +22,10 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Set up JDK 17
- uses: actions/setup-java@v4
+ uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
 with:
 distribution: temurin
 java-version: 17
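Review bot: The `allow` list at the end of the new `github-actions` entry limits updates to `actions/*` and `redhat-actions/*`, so an action from any other owner would never get an update PR and, once pinned to a commit SHA, would stay on that commit indefinitely. If the restriction is deliberate, a comment above `allow:` would record it, e.g. `# Only these owners are used in our workflows; extend this list when adding an action from another owner.` Otherwise dropping `allow` lets the existing `patterns: - "*"` group cover every action in a single monthly PR. The `updates:` list begins outside the hunk, so how the Maven entry is configured cannot be compared from here.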
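Review bot: Nothing in the hunk ties the two pinned hashes on `actions/checkout` and `actions/setup-java` to the releases named in the trailing `# v4.2.2` and `# v4.7.0` comments, so each SHA should be confirmed as the commit the upstream tag points to, and not one that exists only in a fork, before this is merged. GitHub documents that Dependabot alerts are not raised for actions referenced by SHA, which leaves the monthly version-update entry from patch 1/2 as the only route by which fixes reach these steps. A comment above the first step such as `# Actions are pinned to full commit SHAs; keep the trailing version comment in sync with the hash.` would document the convention for future edits. The job continues outside the hunk, so any further `uses:` lines in this or other workflows would need the same pinning to get the benefit.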