From 8ff697a5ecf93e6d5edd6b867a43834d6a8e2d21 Mon Sep 17 00:00:00 2001
From: Leandro Lucarella <luca-frequenz@llucax.com>
Date: Mon, 16 Feb 2026 13:50:30 +0100
Subject: [PATCH] Add auto-depenabot workflow

This workflow uses the new GitHub App for gettingt the credentials.

Signed-off-by: Leandro Lucarella <luca-frequenz@llucax.com>
---
 .github/workflows/auto-dependabot.yaml | 29 ++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 .github/workflows/auto-dependabot.yaml

diff --git a/.github/workflows/auto-dependabot.yaml b/.github/workflows/auto-dependabot.yaml
new file mode 100644
index 0000000..0016929
--- /dev/null
+++ b/.github/workflows/auto-dependabot.yaml
@@ -0,0 +1,29 @@
+name: Auto-merge Dependabot PR
+
+on:
+  pull_request:
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  auto-merge:
+    if: github.actor == 'dependabot[bot]'
+    runs-on: ubuntu-slim
+    steps:
+      - name: Generate GitHub App token
+        id: app-token
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        with:
+          app-id: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_ID }}
+          private-key: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_PRIVATE_KEY }}
+
+      - name: Auto-merge Dependabot PR
+        uses: frequenz-floss/dependabot-auto-approve@3cad5f42e79296505473325ac6636be897c8b8a1 # v1.3.2
+        with:
+          github-token: ${{ steps.app-token.outputs.token }}
+          dependency-type: 'all'
+          auto-merge: 'true'
+          merge-method: 'merge'
+          add-label: 'tool:auto-merged'