From 4d309f2d35d0ee36123c1fc879c3bc30db8c3195 Mon Sep 17 00:00:00 2001
From: William Murphy <will.murphy@anchore.com>
Date: Thu, 18 Jan 2024 04:55:55 -0500
Subject: [PATCH] chore: change dependabot to auto-approve only (#458)

When dependabot PRs are automatically merged, the resulting commit
doesn't run workflows on main if the default GitHub token is used.
Rather than generate a more potent token, or live with some commits not
running workflows on main, scale back dependabot automation to only
approve the PRs but not merge them. This still reduces toil by saving
several clicks in the UI.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
---
 .github/workflows/dependabot-automation.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 .github/workflows/dependabot-automation.yaml

diff --git a/.github/workflows/dependabot-automation.yaml b/.github/workflows/dependabot-automation.yaml
new file mode 100644
index 00000000..1c3ded29
--- /dev/null
+++ b/.github/workflows/dependabot-automation.yaml
@@ -0,0 +1,10 @@
+name: Dependabot Automation
+on:
+  pull_request:
+
+permissions:
+  pull-requests: write
+
+jobs:
+  run:
+    uses: anchore/workflows/.github/workflows/dependabot-automation.yaml@main