From a7c049d4f8503a2b790e000dc5284e1b4c3fc43b Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Tue, 2 Sep 2025 00:35:13 +0000
Subject: [PATCH 1/2] Add Dependabot auto-merge GitHub Action

- Add dependabot-automerge.yml workflow that automatically merges Dependabot PRs
- Auto-merge enabled for patch and minor version updates after tests pass
- Major version updates require manual review with helpful comment
- Add dependabot.yml configuration to enable weekly dependency updates

Co-authored-by: openhands <openhands@all-hands.dev>
---
 .github/dependabot.yml                     | 25 +++++++++++
 .github/workflows/dependabot-automerge.yml | 48 ++++++++++++++++++++++
 2 files changed, 73 insertions(+)
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/dependabot-automerge.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..0d9c923
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,25 @@
+version: 2
+updates:
+  # Enable version updates for npm
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    # Allow both direct and indirect updates
+    allow:
+      - dependency-type: "all"
+    # Automatically rebase PRs when conflicts occur
+    rebase-strategy: "auto"
+    # Group minor and patch updates together
+    groups:
+      minor-and-patch:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+    # Set commit message preferences
+    commit-message:
+      prefix: "chore"
+      prefix-development: "chore"
+      include: "scope"
\ No newline at end of file
diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml
new file mode 100644
index 0000000..1e11492
--- /dev/null
+++ b/.github/workflows/dependabot-automerge.yml
@@ -0,0 +1,48 @@
+name: Dependabot Auto-merge
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+permissions:
+  contents: write
+  pull-requests: write
+  checks: read
+
+jobs:
+  dependabot-automerge:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v1.6.0
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Wait for status checks
+        uses: lewagon/wait-on-check-action@v1.3.1
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          check-name: 'build'  # This matches the job name in proof-html.yml
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          wait-interval: 10
+
+      - name: Enable auto-merge for patch and minor updates
+        if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Comment on major version updates
+        if: steps.metadata.outputs.update-type == 'version-update:semver-major'
+        run: |
+          gh pr comment "$PR_URL" --body "🚨 **Major version update detected!** 
+          
+          This PR contains a major version update that may include breaking changes. Please review manually before merging.
+          
+          If you're confident this update is safe, you can merge it manually or uncomment the auto-merge line in the workflow."
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file

From ada7cc774150d500a22c14ce975cbcc677f7a785 Mon Sep 17 00:00:00 2001
From: Anwar Zbir <82416169+TheWolfOfChain@users.noreply.github.com>
Date: Wed, 10 Sep 2025 22:11:23 +0200
Subject: [PATCH 2/2] TA2MAi-bot-automerge.yml (#18)

https://github.com/TA2MA-Dev/Repository-Dev-T2m/actions/workflows/dependabot-automerge.yml/badge.svg?event=project

Signed-off-by: Anwar Zbir <82416169+TheWolfOfChain@users.noreply.github.com>
---
 .github/workflows/dependabot-automerge.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml
index 1e11492..e658506 100644
--- a/.github/workflows/dependabot-automerge.yml
+++ b/.github/workflows/dependabot-automerge.yml
@@ -1,4 +1,4 @@
-name: Dependabot Auto-merge
+name: TA2MAi Auto-merge
 
 on:
   pull_request:
@@ -12,7 +12,7 @@ permissions:
 jobs:
   dependabot-automerge:
     runs-on: ubuntu-latest
-    if: github.actor == 'dependabot[bot]'
+    if: github.actor == 'TA2MA-bot[bot]'
     steps:
       - name: Dependabot metadata
         id: metadata
@@ -45,4 +45,4 @@ jobs:
           If you're confident this update is safe, you can merge it manually or uncomment the auto-merge line in the workflow."
         env:
           PR_URL: ${{ github.event.pull_request.html_url }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}