Added Dependabot config for Docker, GitHub Actions, and more npm packages #1878

Merged
merged 1 commit into from
Mar 8, 2021

birtony
Contributor

@birtony birtony commented Mar 5, 2021

Issue This PR Addresses

Fixes #1799

Type of Change

  • Bugfix: Change which fixes an issue
  • New Feature: Change which adds functionality
  • Documentation Update: Change which improves documentation
  • UI: Change which improves UI

Description

Added Dependabot configurations for Dockerfiles, GitHub Actions, and more package.json files in our repository. Tested on my forked repository; you can see that all of them appeared under https://github.com/birtony/telescope/network/updates

Warning

Even though this PR limits each package ecosystem to only 1 open PR at a time and sets Dependabot to make checks on each once a week, it can potentially lead to Dependabot creating 9 PRs at once. Although with automatic rebases turned off, that would mean 9 CI runs/preview deployments, I am not sure if it can exhaust any quotas of ours. I am also not sure if we can limit Dependabot in any other way unless we switch to using npm workspaces (#1778). @humphd, please, advise.

Checklist

  • Quality: This PR builds and passes our npm test and works locally
  • Tests: This PR includes thorough tests or an explanation of why it does not
  • Screenshots: This PR includes screenshots or GIFs of the changes made or an explanation of why it does not (if applicable)
  • Documentation: This PR includes updated/added documentation to user exposed functionality or configuration variables are added/changed or an explanation of why it does not (if applicable)

@birtony birtony added type: enhancement New feature or request area: docker developer experience Helping the Developer Experience area: tools Priority: Medium dependencies Pull requests that update a dependency file labels Mar 5, 2021
@birtony birtony added this to the 1.8 Release milestone Mar 5, 2021
@birtony birtony self-assigned this Mar 5, 2021
@birtony birtony changed the title Added Depednabot config for Docker Added Depednabot config for Docker, GitHub Actions, and more npm packages Mar 5, 2021
@HyperTHD
Contributor

HyperTHD commented Mar 6, 2021

@birtony #1778 is being put on hold for now until npm workspaces gets updated later on this year so that's out of the question.

Keep in mind that you'd also need to check other microservices' Dockerfiles and package.jsons such as the Posts service (#1735), User service (#1642), and Post parsing service (#1736). That would no doubt increase the number of PRs Dependabot will do each week alone. It might be in our best interest to relook at exactly what it needs to check so we don't end up flooded again.

@humphd
Contributor

humphd commented Mar 6, 2021

I think we can try this and see how it goes. Right now we only have GitHub Actions and Vercel to worry about. As long as we don't overload those, we're good. We can turn this on and see what happens.

But let's not do it on a Friday again please. When this gets merged, I want some people staying near their machines to step in if it needs adjustments.

As long as we have that, I'm OK to experiment with it.

humphd
humphd previously approved these changes Mar 6, 2021
yuanLeeMidori
yuanLeeMidori previously approved these changes Mar 6, 2021
@birtony
Contributor Author

birtony commented Mar 7, 2021

@HyperTHD @humphd I just got an idea. Why don't we configure each package to be checked on different weekdays/times? That way they won't create 9 PRs at once, but rather add them incrementally over time. As far as we keep them reviewing open PRs, they should not pile up.

Added Dependabot config for GitHub Actions

Added configurations for more npm and docker files

Split checks to different weekdays/times
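
The configuration shape the thread settles on, as an added example that is not the file merged in this PR: one entry per ecosystem, at most one open PR each, weekly checks on different days, automatic rebases off. The directory paths, days and times are placeholder assumptions; the page does not show the real values.

```yaml
# .github/dependabot.yml (added illustration, not the project's actual file)
# All directories, days and times below are placeholders.
version: 2
updates:
  # Root package.json
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "09:00"              # UTC unless a timezone is set
    open-pull-requests-limit: 1  # at most one open PR for this entry
    rebase-strategy: "disabled"  # no automatic rebases, so no repeat CI runs

  # A second package.json elsewhere in the repository
  - package-ecosystem: "npm"
    directory: "/path/to/service"        # placeholder path
    schedule:
      interval: "weekly"
      day: "tuesday"
      time: "09:00"
    open-pull-requests-limit: 1
    rebase-strategy: "disabled"

  # Base images referenced by a Dockerfile
  - package-ecosystem: "docker"
    directory: "/path/to/dockerfile-dir" # placeholder path
    schedule:
      interval: "weekly"
      day: "wednesday"
      time: "09:00"
    open-pull-requests-limit: 1
    rebase-strategy: "disabled"

  # Actions used in workflows; "/" makes Dependabot scan .github/workflows
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "thursday"
      time: "09:00"
    open-pull-requests-limit: 1
    rebase-strategy: "disabled"
```

With one entry per day, the worst case for CI runs and preview deployments is one new Dependabot PR per day rather than one per entry at the same moment.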
Contributor

@yuanLeeMidori yuanLeeMidori left a comment

I think this is doable since the old Dependabot PRs can usually get reviewed and merged within a day.

@cindyorangis cindyorangis changed the title Added Depednabot config for Docker, GitHub Actions, and more npm packages Added Dependabot config for Docker, GitHub Actions, and more npm packages Mar 7, 2021
Contributor

@humphd humphd left a comment

I like the scattered day approach.

@birtony birtony merged commit 34d0e77 into master Mar 8, 2021
@birtony birtony deleted the issue1799 branch March 8, 2021 15:59
Labels
area: tools dependencies Pull requests that update a dependency file developer experience Helping the Developer Experience type: enhancement New feature or request
Development

Successfully merging this pull request may close these issues.

Add configuration to track docker file and GitHub Actions to Dependabot
4 participants