🎨 Create dependabot automerge action

.github/workflows/template_automerge_dependabot.yml

@@ -0,0 +1,26 @@
+# see: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request
+name: Dependabot Auto-Merge
+
+on:
+  workflow_call:
+
+jobs:
+  dependabot:
+
+    name: auto-merge
+    runs-on: ubuntu-22.04
+    if: github.actor == 'dependabot[bot]'
+
+    steps:
+      - name: Load dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Enable auto-merge for Dependabot PRs
+        if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

README.md

@@ -23,6 +23,28 @@ jobs:
 
 In this section you can find examples of how to use template workflows. For more information, please take a look at the templates.
 
+### Auto-Merge Dependabot
+
+<details>
+<summary>The action can be used to auto-merge a dependabot PR with minor and patch updates.</summary>
+
+The action is called by creating a PR. Dependabot must have ownership of the corresponding dependency files in order to be able to merge the PRs.
+
+```yml
+name: Enable Dependabot Auto-Merge
+
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    uses: Staffbase/gha-workflows/.github/workflows/[email protected]
+```
+</details>
+
 ### AutoDev
 
 <details>