Update build.yml (#3)

* Update build.yml

Signed-off-by: Oleg Kovalov <[email protected]>

* Create dependabot.yml

Signed-off-by: Oleg Kovalov <[email protected]>

---------

Signed-off-by: Oleg Kovalov <[email protected]>

Author: cristaloleg

.github/.github/dependabot.yml

@@ -0,0 +1,18 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    commit-message:
+      prefix: "deps:"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "sunday"
+      time: "09:00"
+  - package-ecosystem: "github-actions"
+    commit-message:
+      prefix: "ci:"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "sunday"
+      time: "09:00"

.github/workflows/build.yml

@@ -2,36 +2,16 @@ name: build
 
 on:
   push:
-    branches: [ main ]
+    branches: [main]
   pull_request:
-    branches: [ main ]
+    branches: [main]
+  schedule:
+    - cron: '0 0 * * 0' # run "At 00:00 on Sunday"
 
+# See https://github.com/cristalhq/.github/.github/workflows
 jobs:
-
   build:
-    name: Build
-    runs-on: ubuntu-latest
-    steps:
-
-    - name: Set up Go 1.x
-      uses: actions/setup-go@v2
-      with:
-        go-version: ^1.15
-
-    - name: Check out code into the Go module directory
-      uses: actions/checkout@v2
-
-    - name: Download module dependencies
-      env: 
-         GOPROXY: "https://proxy.golang.org"
-      run: go mod download
-
-    - name: Test
-      run: go test -v -coverprofile=coverage.txt ./...
+    uses: cristalhq/.github/.github/workflows/[email protected]
 
-    - name: Upload Coverage
-      uses: codecov/codecov-action@v1
-      with:
-        token: ${{secrets.CODECOV_TOKEN}}
-        file: ./coverage.txt
-        fail_ci_if_error: false
+  vuln:
+    uses: cristalhq/.github/.github/workflows/[email protected]