ci(gha): auto merge dependabot prs when all CI checks are executed

Author: abhisheksr01

.github/workflows/pipeline.yml

@@ -7,6 +7,10 @@ on:
     branches:
       - main
 
+permissions:
+  contents: write
+  pull-requests: write
+
 jobs:
   conventional-commit-check:
     runs-on: ubuntu-latest
@@ -134,6 +138,27 @@ jobs:
           scan-ref: './'
           exit-code: 1
           trivy-config: ./config/trivy/trivy.yaml
+  dependabot-pr-auto-merge:
+    runs-on: ubuntu-latest
+    needs:
+      - unit-test
+      - mutation-test
+      - dependency-vulnerability-analysis
+      - sast-snyk
+      - sast-iac-trivy-hadolint
+    if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'abhisheksr01/spring-boot-microservice-best-practices'
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Enable auto-merge for Dependabot PRs
+#        if: contains(steps.metadata.outputs.dependency-names, 'my-dependency') && steps.metadata.outputs.update-type == 'version-update:semver-patch'
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
   docker-build-push:
     if: github.ref == 'refs/heads/main'
     runs-on: ubuntu-latest