ci: configure dependabot (#36)

.github/dependabot.yml

@@ -0,0 +1,20 @@
+version: 2
+updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 20
+    labels:
+      - "dependencies"
+
+  - package-ecosystem: composer
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 20
+    allow:
+      - dependency-type: "all"
+    labels:
+      - "dependencies"

.github/workflows/automerge-dependabot.yml

@@ -0,0 +1,24 @@
+# See https://github.com/ridedott/merge-me-action/
+# This workflow automates merges from patches sent by Dependabot, and
+# only by dependabot, once the other CI workflows pass
+name: automerge-dependabot
+
+on:
+  workflow_run:
+    types:
+      - completed
+    workflows:
+      - "Continuous Integration"
+
+jobs:
+  automerge:
+    name: Auto-merge Dependabot PRs
+    runs-on: ubuntu-latest
+    steps:
+      - name: Auto merge
+        if: ${{ github.event.workflow_run.conclusion == 'success' }}
+        uses: ridedott/merge-me-action@v2
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          MERGE_METHOD: SQUASH
+          PRESET: DEPENDABOT_MINOR