From 71bd057f61fe4552bc38be4b6c66b46a5a86095e Mon Sep 17 00:00:00 2001
From: saptarshimandal1 <saptarshi.mandal1@nhs.net>
Date: Thu, 12 Feb 2026 16:34:26 +0000
Subject: [PATCH 1/2] Enabled auto merge for dependabots

---
 .github/workflows/dependabot-auto-merge.yml | 34 +++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 .github/workflows/dependabot-auto-merge.yml

diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
new file mode 100644
index 0000000..a45fedb
--- /dev/null
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -0,0 +1,34 @@
+name: Dependabot auto-merge
+
+on:
+  pull_request:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Approve PR
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Enable auto-merge
+        if: |
+          steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
+          steps.metadata.outputs.update-type == 'version-update:semver-minor'
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file

From 4428d11583e43d0de9017b495fd174ceddef9066 Mon Sep 17 00:00:00 2001
From: saptarshimandal1 <saptarshi.mandal1@nhs.net>
Date: Thu, 12 Feb 2026 16:39:34 +0000
Subject: [PATCH 2/2] Enabled auto merge for dependabots

---
 .github/workflows/dependabot-auto-merge.yml | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
index a45fedb..2d641b0 100644
--- a/.github/workflows/dependabot-auto-merge.yml
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -1,7 +1,5 @@
 name: Dependabot auto-merge
-
-on:
-  pull_request:
+on: pull_request
 
 permissions:
   contents: write
@@ -14,11 +12,11 @@ jobs:
     steps:
       - name: Dependabot metadata
         id: metadata
-        uses: dependabot/fetch-metadata@v2
+        uses: dependabot/fetch-metadata@21025c7d3b7c1eb5122b2f4f30b18d6c8b8c52df # v2.5.0
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
 
-      - name: Approve PR
+      - name: Approve Dependabot PR
         run: gh pr review --approve "$PR_URL"
         env:
           PR_URL: ${{ github.event.pull_request.html_url }}