From 32d3329d0c475c655876b1e8c1bd6dd0646bec3d Mon Sep 17 00:00:00 2001
From: David J Pugh <6003255+djpugh@users.noreply.github.com>
Date: Tue, 2 May 2023 10:41:13 +0100
Subject: [PATCH] Adding dependabot due to
 https://github.com/renovatebot/renovate/issues/10187 (#74)

---
 .github/dependabot.yml            | 22 ++++++++++++++++++++++
 .github/workflows/dependabot.yaml | 21 +++++++++++++++++++++
 2 files changed, 43 insertions(+)
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/dependabot.yaml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..47a17b1
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,22 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "pip" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "daily"
+
+    allow:
+      # Allow both direct and indirect updates for all packages
+      - dependency-type: "all"
+    labels:
+      - "chore"
+      - "dependencies"
+    # There is no dependabot automerge option here, but instead a workflow is used
+    # This can't easily be configured for different upgrade types
+    # Relies on branch protections to ensure merge is safe (c.f. renovate where it can
+    # be configured, but still relies on branch protections)
\ No newline at end of file
diff --git a/.github/workflows/dependabot.yaml b/.github/workflows/dependabot.yaml
new file mode 100644
index 0000000..7a22a0a
--- /dev/null
+++ b/.github/workflows/dependabot.yaml
@@ -0,0 +1,21 @@
+name: Dependabot auto-approve
+on: pull_request
+
+permissions:
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v1
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Approve a PR
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}