ci(deps): auto-approve / auto-merge dependencies from dependabot

[mwbrooks]

Summary

Add a GitHub Actions workflow to auto-approve and auto-merge Dependabot pull requests for patch and minor version updates.

This reduces maintenance burden by automatically handling low-risk dependency updates while still requiring manual review for major version bumps.

Repository Settings Required

To enable auto-merge functionality, the following repository settings must be configured:

• Settings → General → Pull Requests

  • ✅ Allow auto-merge

• Settings → Branches → main branch protection rule

  • ✅ Require status checks to pass before merging
    • Add required checks: Build, Unit Tests

• Settings → Actions → General → Workflow permissions

  • ✅ Allow GitHub Actions to create and approve pull requests

Requirements (place an x in each [ ])

• I've read and understood the Contributing Guidelines and have done my best effort to follow them.
• I've read and agree to the Code of Conduct.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 50b1092

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.09%. Comparing base (39949d1) to head (50b1092).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2500   +/-   ##
=======================================
  Coverage   93.09%   93.09%           
=======================================
  Files          40       40           
  Lines       11239    11239           
  Branches      713      713           
=======================================
  Hits        10463    10463           
  Misses        764      764           
  Partials       12       12           

Flag	Coverage Δ
cli-hooks	95.23% <ø> (ø)
cli-test	94.79% <ø> (ø)
oauth	77.39% <ø> (ø)
socket-mode	61.87% <ø> (ø)
web-api	98.11% <ø> (ø)
webhook	96.66% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[zimeg]

LGTM - clean dependabot auto-merge workflow

[mwbrooks]

Thanks @zimeg for the timely review!

This repo required all of the settings to be enabled.

I also had to have 54 status check requirements!

• Ubuntu 18.x
• Ubuntu 20.x
• Ubuntu 22.x
• Windows 18.x
• Windows 20.x
• Windows 22.x

Let me know if you all want to change anything.

[mwbrooks]

@zimeg Just want to flag that I see the checks on main after the merge are pending on the "Release / Publish" workflow. It's pending because it requires manual approval to run the workflow.

I imagine this is a result of our changeset workflow?

[zimeg]

@mwbrooks Amazing! Thanks so much for bringing these CI enhancements to life 👾 ✨

I imagine this is a result of our changeset workflow?

Both the changset workflows and following a release without new entries to the changeset. Running that workflow now would attempt to republish existing versions without causing issue - no changes for existing versions IIRC. We might be alright to ignore it or merge PRs with entries soon next 🎁