From bbaa83847cf10d4745e147db64ca0429f2e5bb65 Mon Sep 17 00:00:00 2001
From: Thomas Boerger <thomas@webhippie.de>
Date: Tue, 31 Oct 2023 13:24:23 +0100
Subject: [PATCH] ci: add workflow for dependabot automerge

---
 .github/workflows/automerge.yml | 49 +++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 .github/workflows/automerge.yml

diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
new file mode 100644
index 0000000..9623fa0
--- /dev/null
+++ b/.github/workflows/automerge.yml
@@ -0,0 +1,49 @@
+---
+name: automerge
+
+"on":
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - master
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+
+    steps:
+      - name: Generate token
+        id: token
+        uses: tibdex/github-app-token@v2
+        with:
+          app_id: ${{ secrets.TOKEN_EXCHANGE_APP }}
+          installation_retrieval_mode: id
+          installation_retrieval_payload: ${{ secrets.TOKEN_EXCHANGE_INSTALL }}
+          private_key: ${{ secrets.TOKEN_EXCHANGE_KEY }}
+          permissions: >-
+            {"contents": "write", "pull_requests": "write", "issues": "write"}
+
+      - name: Fetch metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Approve request
+        id: approve
+        run: gh pr review --approve "${{github.event.pull_request.html_url}}"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Enable automerge
+        id: automerge
+        run: gh pr merge --rebase --auto "${{github.event.pull_request.html_url}}"
+        env:
+          GH_TOKEN: ${{ steps.token.outputs.token }}
+
+...