Yeah, why not.
Two remarks: - why Docker? - Automatic updating of the action versions won't work directly as we pinned the actions and their versions in the organization settings. I think this is useful to reduce the risk of getting unwanted actions or code executed in CI. So even after merging Dependabot's PRs, a Geany admin still has to do allow that action/version in the settings for security reasons.