From 7ef4ada7a662d4a30ad46668e97f868e3302bce9 Mon Sep 17 00:00:00 2001 From: Barry Gordon Date: Wed, 20 Apr 2022 11:47:21 +0100 Subject: [PATCH 1/5] Dependabot runs monthly --- .github/dependabot.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 567def3..80bb06d 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,9 +1,5 @@ version: 2 updates: - - package-ecosystem: 'npm' - directory: '/' - schedule: - interval: 'weekly' - package-ecosystem: 'docker' directory: '/docker' schedule: @@ -13,7 +9,11 @@ updates: - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "weekly" + interval: "monthly" + - package-ecosystem: 'npm' + directory: '/' + schedule: + interval: 'monthly' registries: ghcr: From 80cecf868190649a2201d4e47103cd297d62ab2e Mon Sep 17 00:00:00 2001 From: Barry Gordon Date: Wed, 20 Apr 2022 11:48:15 +0100 Subject: [PATCH 2/5] We permit up to 20 npm PRs at once --- .github/dependabot.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 80bb06d..cb6c358 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -12,6 +12,7 @@ updates: interval: "monthly" - package-ecosystem: 'npm' directory: '/' + open-pull-requests-limit: 20 schedule: interval: 'monthly' From fad6596d9f9ce7d5a910020ed560d991d4c20267 Mon Sep 17 00:00:00 2001 From: Barry Gordon Date: Wed, 20 Apr 2022 11:48:30 +0100 Subject: [PATCH 3/5] Prefer npm to NPM --- .github/workflows/check-dist.yml | 2 +- .github/workflows/dependabot-build.yml | 4 ++-- .github/workflows/integration-test.yml | 2 +- .github/workflows/test.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml index 3a44f7a..8fb3d45 100644 --- a/.github/workflows/check-dist.yml +++ b/.github/workflows/check-dist.yml 
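Review bot: A comment above the `schedule:` keys of the `npm` and `github-actions` entries should record that `interval: 'monthly'` governs version updates only. Vulnerability fixes arrive through Dependabot security updates, which are switched on in the repository settings and are not visible in this diff; if that setting is off, known-vulnerable npm packages can now sit for up to a month instead of a week. Something like `# Version updates only; security updates are enabled in repo settings and do not follow this schedule` would make the assumption checkable. As a style point, the file mixes `"monthly"` and `'monthly'`; picking one quote style would keep later diffs quieter.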
@@ -25,7 +25,7 @@ jobs: with: node-version: ${{ steps.nvm.outputs.NVMRC }} - - name: Install NPM dependencies + - name: Install npm dependencies run: npm ci - name: Rebuild the dist/ directory diff --git a/.github/workflows/dependabot-build.yml b/.github/workflows/dependabot-build.yml index 36c467b..8592624 100644 --- a/.github/workflows/dependabot-build.yml +++ b/.github/workflows/dependabot-build.yml @@ -26,7 +26,7 @@ jobs: build-dependabot-changes: runs-on: ubuntu-latest needs: [fetch-dependabot-metadata] - # We only need to build the dist/ folder if the PR relates to Docker or a production NPM dependency, otherwise we don't expect changes. + # We only need to build the dist/ folder if the PR relates to Docker or a production npm dependency, otherwise we don't expect changes. if: needs.fetch-dependabot-metadata.output.package-ecosystem == 'docker' || ( needs.fetch-dependabot-metadata.output.package-ecosystem == 'npm_and_yarn' && needs.fetch-dependabot-metadata.outputs.dependency-type == 'direct:production' ) steps: # Check out using a PAT so any pushed changes will trigger checkruns @@ -44,7 +44,7 @@ jobs: with: node-version: ${{ steps.nvm.outputs.NVMRC }} - - name: Install NPM dependencies + - name: Install npm dependencies run: npm ci # If we're reacting to a Docker PR, we have on extra step to refresh and check in the container manifest, diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index 9daa39e..905b116 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml @@ -26,7 +26,7 @@ jobs: with: node-version: ${{ steps.nvm.outputs.NVMRC }} - - name: Install NPM dependencies + - name: Install npm dependencies run: npm ci - name: Pre-fetch the pinned images diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2d7b94a..762eb01 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -24,7 +24,7 @@ jobs: with: node-version: ${{ steps.nvm.outputs.NVMRC }} - - name: Install NPM dependencies + - name: Install npm dependencies run: npm ci - name: Check formatting From c3a09b0b5d29656ae6679339d400cfd9c07dfc65 Mon Sep 17 00:00:00 2001 From: Barry Gordon Date: Wed, 20 Apr 2022 11:48:55 +0100 Subject: [PATCH 4/5] Fix invalid condition on dependabot builds --- .github/workflows/dependabot-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependabot-build.yml b/.github/workflows/dependabot-build.yml index 8592624..e688388 100644 --- a/.github/workflows/dependabot-build.yml +++ b/.github/workflows/dependabot-build.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest needs: [fetch-dependabot-metadata] # We only need to build the dist/ folder if the PR relates to Docker or a production npm dependency, otherwise we don't expect changes. - if: needs.fetch-dependabot-metadata.output.package-ecosystem == 'docker' || ( needs.fetch-dependabot-metadata.output.package-ecosystem == 'npm_and_yarn' && needs.fetch-dependabot-metadata.outputs.dependency-type == 'direct:production' ) + if: needs.fetch-dependabot-metadata.outputs.package-ecosystem == 'docker' || ( needs.fetch-dependabot-metadata.outputs.package-ecosystem == 'npm_and_yarn' && needs.fetch-dependabot-metadata.outputs.dependency-type == 'direct:production' ) steps: # Check out using a PAT so any pushed changes will trigger checkruns - uses: actions/checkout@v3 From d4c866bc03d0d7f0d151034e8f5e7b1ccbcfae51 Mon Sep 17 00:00:00 2001 From: Barry Gordon Date: Wed, 20 Apr 2022 11:50:31 +0100 Subject: [PATCH 5/5] Dependabot flags PRs to automerge --- .github/workflows/dependabot-auto-merge.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .github/workflows/dependabot-auto-merge.yml diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml new file mode 100644 index 0000000..92d1495 --- /dev/null 
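Review bot: Once this `if:` in `dependabot-build.yml` evaluates correctly, `build-dependabot-changes` checks out with a PAT (per the comment above `actions/checkout@v3`) and then runs `npm ci` on a Dependabot-updated tree, so install scripts of the bumped package execute in a workspace where that token may be persisted in the git config. The old `needs.fetch-dependabot-metadata.output.…` lookups presumably always resolved to empty, which would mean the job never ran before this fix and the exposure is new. Consider `npm ci --ignore-scripts` if the build tolerates it, or `persist-credentials: false` on the checkout with the PAT supplied only to the step that pushes. The checkout's `with:` block, the push step and the workflow trigger are outside the hunk, so confirm how the token is actually passed.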
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -0,0 +1,19 @@
+name: Dependabot auto-merge
+on: pull_request_target
+permissions:
+ pull-requests: write
+ contents: write
+jobs:
+ dependabot:
+ runs-on: ubuntu-latest
+ if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
+ steps:
+ - name: Fetch metadata
+ uses: dependabot/fetch-metadata@v1.3.0
+
+ # Enable the automerge using a PAT so the merge commits trigger workflows
+ - name: Auto-merge
+ run: gh pr merge --auto --merge "$PR_URL"
+ env:
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ GITHUB_TOKEN: ${{ secrets.DEPENDABOT_AUTOBUILD }}
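Review bot: The Auto-merge step runs for every Dependabot pull request, because the Fetch metadata step has no `id` and none of its outputs are read, so a major-version bump is flagged for merge exactly like a patch release. Give that step `id: metadata` and gate the merge with something like `if: steps.metadata.outputs.update-type != 'version-update:semver-major'`. The merge itself uses the `DEPENDABOT_AUTOBUILD` PAT, so the `contents: write` and `pull-requests: write` grants on the workflow token look unused by the visible steps and could probably be reduced to read. `--auto` only waits for checks that branch protection marks as required, which this diff does not show, so confirm the build and test workflows are required before relying on it. In a job that holds a write-capable token, `dependabot/fetch-metadata@v1.3.0` would also be safer pinned to a full commit SHA than to a tag.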