fix(ci): unblock Dependabot auto-merge for app/dependabot PRs

.github/dependabot.yml

@@ -6,13 +6,13 @@ updates:
       interval: weekly
     open-pull-requests-limit: 10
     labels:
-      - dependencies
+      - area:dependencies
 
   - package-ecosystem: github-actions
     directory: "/"
     schedule:
       interval: weekly
     open-pull-requests-limit: 10
     labels:
-      - dependencies
+      - area:dependencies
       - github-actions

.github/mergify.yml

@@ -1,13 +1,27 @@
 pull_request_rules:
+  - name: Auto-merge Dependabot dependency updates on develop
+    conditions:
+      - author~=^(dependabot\[bot\]|app/dependabot)$
+      - base=develop
+      - label=area:dependencies
+      - check-success=CI / check
+      - check-success=CI / lint
+      - check-success=changelog-validate / validate
+      - -draft
+      - -conflict
+    actions:
+      merge:
+        method: squash
+
   - name: Auto-merge Dependabot security updates on develop
     conditions:
-      - author=dependabot[bot]
+      - author~=^(dependabot\[bot\]|app/dependabot)$
       - base=develop
-      - label=dependencies
+      - label=area:dependencies
       - label=meta:dependabot-security
       - check-success=CI / check
-      - check-success=lint / lint
-      - check-success=reviewer / coderabbit-gate
+      - check-success=CI / lint
+      - check-success=changelog-validate / validate
       - -draft
       - -conflict
     actions:

.github/workflows/changelog-validate.yml

@@ -29,10 +29,17 @@ jobs:
       - name: Require changelog update or skip label
         id: changelog_gate
         env:
+          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
           PR_LABELS: ${{ toJson(github.event.pull_request.labels.*.name) }}
           BASE_SHA: ${{ github.event.pull_request.base.sha }}
           HEAD_SHA: ${{ github.event.pull_request.head.sha }}
         run: |
+          if [ "${PR_AUTHOR}" = "dependabot[bot]" ] || [ "${PR_AUTHOR}" = "app/dependabot" ]; then
+            echo "Skipping changelog requirement for Dependabot pull requests."
+            echo "run_validation=false" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
           if echo "${PR_LABELS}" | grep -q '"meta:needs-changelog"' && echo "${PR_LABELS}" | grep -q '"meta:no-changelog"'; then
             echo "::error::PR cannot include both meta:needs-changelog and meta:no-changelog."
             exit 1

.github/workflows/dependabot-security-label.yml

@@ -7,7 +7,7 @@ on:
 
 jobs:
   label-security-updates:
-    if: github.event.pull_request.user.login == 'dependabot[bot]'
+    if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'app/dependabot'
     runs-on: ubuntu-latest
     permissions:
       contents: read