Prepare to conditionally auto-approve dependabot PRs

We want to set up a flow to to auto-approve some dependabot PRs. We're having
trouble testing it locally so we want to merge this version which does not
actually approve PRs, but simply tells us whether it would approve them.

Author: cadmiumcat

.github/workflows/dependabot-autoapprove.yml

@@ -0,0 +1,26 @@
+name: Dependabot auto-approve
+on: pull_request
+permissions:
+  pull-requests: write
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    # Checking the author will prevent your Action run failing on non-Dependabot PRs
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
+    steps:
+      - name: Dependabot metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v2
+      - uses: actions/checkout@v4
+      - name: Approve a PR if not already approved
+      # as long as it's not a npm PR, an dthe update is a patch version
+        if: "!contains(steps.metadata.outputs.package-ecosystem, 'npm') && steps.metadata.outputs.update-type == 'version-update:semver-patch'"
+        run: |
+          gh pr checkout "$PR_URL" # sets the upstream metadata for `gh pr status`
+          if [ "$(gh pr status --json reviewDecision -q .currentBranch.reviewDecision)" != "APPROVED" ];
+          then echo "This would approve the PR"
+          else echo "PR already approved, skipping additional approvals to minimize emails/notification noise.";
+          fi
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}