Combine Dependabot auto-approve and auto-merge workflows

[Copilot]

Description

Consolidated two separate Dependabot workflows into a single workflow that handles both approval and auto-merge operations. The previous setup required PRs to wait for approval before enabling auto-merge; the combined workflow executes both actions atomically on PR creation/update.

Changes

• Created .github/workflows/dependabot-auto-approve-merge.yml - Single workflow with both permissions (contents: write, pull-requests: write)
• Removed .github/workflows/dependabot-auto-approve.yml - No longer needed
• Removed .github/workflows/dependabot-auto-merge.yml - No longer needed

Behavior

Triggers on pull_request events (opened, reopened, synchronize). For Dependabot PRs with semver-minor or semver-patch updates:

1. Approves the PR immediately
2. Enables auto-merge with squash strategy

Checklist:

• Public methods are documented
• Public methods are tested
• New and existing tests pass when run locally
• There are no new warnings or errors

Original prompt

combine auto merge and auto approve workflows like so:

name: Dependabot Auto-Approve & Auto-Merge

on:
  pull_request:
    types: [opened, reopened, synchronize]

permissions:
  contents: write
  pull-requests: write

jobs:
  dependabot:
    runs-on: ubuntu-latest
    if: github.event.pull_request.user.login == 'dependabot[bot]'

    steps:
      - name: Get Dependabot metadata
        id: metadata
        uses: dependabot/fetch-metadata@v2
        with:
          github-token: ${{ github.token }}

      - name: Approve minor and patch updates
        if: |
          steps.metadata.outputs.update-type == 'version-update:semver-minor' ||
          steps.metadata.outputs.update-type == 'version-update:semver-patch'
        run: gh pr review --approve "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ github.token }}

      - name: Enable auto-merge for minor and patch updates
        if: |
          steps.metadata.outputs.update-type == 'version-update:semver-minor' ||
          steps.metadata.outputs.update-type == 'version-update:semver-patch'
        run: gh pr merge --auto --squash "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ github.token }}

Then open a PR

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[sonarqubecloud]

Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarQube Cloud

[Copilot]

Pull request overview

Combines the previously separate Dependabot auto-approve and auto-merge GitHub Actions workflows into a single workflow triggered on pull_request events.

Changes:

• Removed legacy dependabot-auto-approve.yml and dependabot-auto-merge.yml workflows.
• Added a unified workflow that fetches Dependabot metadata, auto-approves minor/patch updates, and enables auto-merge for those updates.
• Expanded trigger types to include synchronize so the workflow reruns when Dependabot updates the PR.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
.github/workflows/dependabot-auto-merge.yml	Deletes the old auto-merge-only workflow in favor of the combined workflow.
.github/workflows/dependabot-auto-approve.yml	Deletes the old auto-approve-only workflow in favor of the combined workflow.
.github/workflows/dependabot-auto-approve-merge.yml	Adds the combined workflow handling both approval and auto-merge enablement for minor/patch Dependabot PRs.