name: Auto Approve Dependabot PRs

on:
  pull_request_target:
    types: [labeled]

jobs:
  auto-update-dependabot:
    name: Auto-Approve and enable Auto-Merge for all Dependabot PRs
    runs-on: ubuntu-latest
    if: github.event.pull_request.user.login == 'dependabot[bot]' && contains(github.event.pull_request.labels.*.name, 'dependencies')
    steps:

    # Enable auto-merge *before* issuing an approval.
    - name: Enable Github Automerge
      uses: alexwilson/enable-github-automerge-action@main
      with:
        github-token: "${{ secrets.ORIGAMI_FOX_ACCESS_TOKEN }}"

    # We "trust" dependabot updates (this still requires all other checks to pass!)
    - uses: hmarr/auto-approve-action@5d04a5ca6da9aeb8ca9f31a5239b96fc3e003029
      with:
        github-token: "${{ secrets.ORIGAMI_FOX_ACCESS_TOKEN }}"