From 8e6303ca4d025ef74cc58fe6d52c8e9935ef69d7 Mon Sep 17 00:00:00 2001
From: Brian Surowiec <brian@13degrees.com>
Date: Mon, 31 Jan 2022 18:53:20 -0500
Subject: [PATCH] Create dependabot-auto-merge.yml

---
 .github/workflows/dependabot-auto-merge.yml | 37 +++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 .github/workflows/dependabot-auto-merge.yml

diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
new file mode 100644
index 00000000..41e135f8
--- /dev/null
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -0,0 +1,37 @@
+# https://gist.github.com/xt0rted/46475099dc0a70ba63e16e3177407872
+name: Dependabot auto-merge
+
+on: pull_request_target
+
+permissions:
+  contents: read
+  pull-requests: read
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+
+    if: ${{ github.actor == 'dependabot[bot]' }}
+
+    steps:
+      - name: Generate token
+        id: generate_token
+        uses: tibdex/github-app-token@v1.5.1
+        with:
+          app_id: ${{ secrets.DEPENDAMERGE_APP_ID }}
+          private_key: ${{ secrets.DEPENDAMERGE_PRIVATE_KEY }}
+
+      - name: Dependabot metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v1.1.0
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Authenticate cli
+        run: echo "${{ steps.generate_token.outputs.token }}" | gh auth login --with-token
+
+      - name: Enable auto-merge for Dependabot PRs
+        if: steps.dependabot_metadata.outputs.dependency-type == 'direct:development' && (steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch')
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}