auto merge script

Author: ssrlive

.github/dependabot.yml

@@ -9,3 +9,8 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/auto-merge.yml

@@ -0,0 +1,26 @@
+name: Dependabot Auto Merge
+
+on:
+  # https://securitylab.github.com/research/github-actions-preventing-pwn-requests
+  # could and should work, at least for public repos;
+  # tracking issue for this action's issue:
+  # https://github.com/ahmadnassri/action-dependabot-auto-merge/issues/60
+  pull_request_target:
+    types: [labeled]
+
+jobs:
+  auto:
+    if: github.actor == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Auto approve pull request, then squash and merge
+        uses: ahmadnassri/action-dependabot-auto-merge@v2
+        with:
+          target: minor
+          # Note: This needs to be a PAT with (public) repo rights,
+          #       PAT-owning user needs to have write access to this repo
+          #       (dependabot needs to recognize the comment as coming from an allowed reviewer)
+          github-token: ${{ secrets.PAT_REPO_ADMIN }}

.github/workflows/release.yml

@@ -40,7 +40,7 @@ jobs:
 
     runs-on: ${{ matrix.host_os }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Prepare
         shell: bash
@@ -68,7 +68,7 @@ jobs:
           fi
 
       - name: Upload
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

.github/workflows/rust.yml

@@ -21,7 +21,7 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: rustfmt
       run: cargo fmt --all -- --check
     - name: check