use Dependabot v2 (ktr0731#380)

ktr0731 · web-flow · commit 3111fb5612ee · 2021-03-18T10:45:26.000+09:00
diff --git a/.dependabot/config.yml b/.dependabot/config.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,18 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+    labels:
+      - update
+    reviewers:
+      - ktr0731
+  - package-ecosystem: gomod
+    directory: /
+    schedule:
+      interval: weekly
+    labels:
+      - update
+    reviewers:
+      - ktr0731
diff --git a/.github/workflows/approve_and_merge.yml b/.github/workflows/approve_and_merge.yml
@@ -0,0 +1,25 @@
+name: "Auto approve and merge Pull Requests"
+on:
+  pull_request_target
+jobs:
+  worker:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - name: Auto approve and merge Pull Request
+        uses: actions/github-script@v3.1
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+          script: |
+            await github.pulls.createReview({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: context.issue.number,
+              event: "APPROVE"
+            })
+            await github.pulls.merge({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: context.issue.number,
+              merge_method: "squash"
+            })
