Set up Dependabot with auto-merge

.github/dependabot.yml

@@ -0,0 +1,15 @@
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    commit-message:
+      include: "scope"
+      prefix: "github-actions"
+    open-pull-requests-limit: 10
+    labels:
+      - "dependency"

.github/workflows/dependabot-auto-merge.yml

@@ -0,0 +1,23 @@
+name: "Dependabot auto-merge"
+
+on: [pull_request_target] # yamllint disable-line rule:truthy
+
+permissions:
+  contents: "write"
+
+jobs:
+  dependabot:
+    runs-on: "ubuntu-latest"
+    if: "${{ github.actor == 'dependabot[bot]' }}"
+    steps:
+      - name: "Dependabot metadata"
+        id: "metadata"
+        uses: "dependabot/[email protected]"
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: "Enable auto-merge for Dependabot PRs"
+        if: "${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}"
+        run: "gh pr merge --auto --merge \"$PR_URL\""
+        env:
+          PR_URL: "${{github.event.pull_request.html_url}}"
+          GITHUB_TOKEN: "${{secrets.GITHUB_TOKEN}}"