From 076a553a14a4c18f448bb070e344d2afdc9926a4 Mon Sep 17 00:00:00 2001
From: Benny Neugebauer <bn@bennyn.de>
Date: Mon, 10 May 2021 09:44:58 +0200
Subject: [PATCH] chore: Add auto-merge for dependency updates

---
 .github/auto-merge.yml                   |  3 +++
 .github/dependabot.yml                   |  4 +++-
 .github/workflows/merge-dependencies.yml | 21 +++++++++++++++++++++
 3 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 .github/auto-merge.yml
 create mode 100644 .github/workflows/merge-dependencies.yml

diff --git a/.github/auto-merge.yml b/.github/auto-merge.yml
new file mode 100644
index 00000000..5934f525
--- /dev/null
+++ b/.github/auto-merge.yml
@@ -0,0 +1,3 @@
+- match:
+    dependency_type: all
+    update_type: 'semver:major'
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index e28f57bb..7c943886 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,7 +3,9 @@ updates:
   - package-ecosystem: npm
     directory: '/'
     schedule:
+      day: saturday
       interval: weekly
+      time: '02:00'
     pull-request-branch-name:
       separator: '-'
     target-branch: main
@@ -12,7 +14,7 @@ updates:
       include: scope
     labels:
       - "type: chore \U0001F9F9"
-    open-pull-requests-limit: 10
+    open-pull-requests-limit: 99
     ignore:
       - dependency-name: 'husky'
         versions:
diff --git a/.github/workflows/merge-dependencies.yml b/.github/workflows/merge-dependencies.yml
new file mode 100644
index 00000000..c6f26bc4
--- /dev/null
+++ b/.github/workflows/merge-dependencies.yml
@@ -0,0 +1,21 @@
+name: 'Merge Dependencies'
+
+# https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/
+# https://github.com/ahmadnassri/action-dependabot-auto-merge/issues/60#issuecomment-806027389
+on: [pull_request_target]
+
+jobs:
+  auto-merge:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+        node-version: [12.x]
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - name: 'Automerge dependency updates from Dependabot'
+        uses: ahmadnassri/action-dependabot-auto-merge@v2.4.0
+        # Guarantee that commit comes from Dependabot (don't blindly trust external GitHub Actions)
+        if: github.actor == 'dependabot[bot]'
+        with:
+          github-token: ${{ secrets.GH_AUTOMERGE_TOKEN }}