From c3b8f8a4806c0f199225d59810282db945e4b068 Mon Sep 17 00:00:00 2001
From: alexander-akait <sheo13666q@gmail.com>
Date: Tue, 10 Mar 2026 20:32:59 +0300
Subject: [PATCH] ci: dependabot automerge

---
 .github/dependabot.yml           |  5 ++++-
 .github/workflows/dependabot.yml | 38 ++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 611294a2a..6378b02d7 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -5,13 +5,16 @@ updates:
     schedule:
       interval: "weekly"
     open-pull-requests-limit: 20
-    versioning-strategy: lockfile-only
     labels:
       - dependencies
+    versioning-strategy: widen
     groups:
       dependencies:
         patterns:
           - "*"
+        update-types:
+          - "minor"
+          - "patch"
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
new file mode 100644
index 000000000..c40d79b67
--- /dev/null
+++ b/.github/workflows/dependabot.yml
@@ -0,0 +1,38 @@
+name: Dependabot
+
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot-auto-merge:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - name: Generate Token
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        id: app-token
+        with:
+          app-id: ${{ secrets.BOT_APP_ID }}
+          private-key: ${{ secrets.BOT_PRIVATE_KEY }}
+
+      - name: Dependabot metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a # v2.5.0
+        with:
+          github-token: "${{ steps.app-token.outputs.token }}"
+
+      - name: Enable auto-merge for Dependabot PRs
+        if: steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major'
+        run: |
+          if [ "$(gh pr status --json reviewDecision -q .currentBranch.reviewDecision)" != "APPROVED" ];
+          then gh pr review --approve "$PR_URL"
+          else echo "PR already approved, skipping additional approvals to minimize emails/notification noise.";
+          fi
+
+          gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}