added permission for automerge dependabot PRs

Author: timea-solid

.github/workflows/ci.yml

@@ -1,5 +1,7 @@
 name: CI
-
+permissions:
+  contents: write
+  pull-requests: write
 on:
   push:
     branches:
@@ -50,6 +52,18 @@ jobs:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           publish_dir: .
 
+  dependabot:
+    name: 'Dependabot'
+    needs: build # After the E2E and build jobs, if one of them fails, it won't merge the PR.
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' && github.event_name == 'pull_request'}} # Detect that the PR author is dependabot
+    steps:
+      - name: Enable auto-merge for Dependabot PRs
+        run: gh pr merge --auto --merge "$PR_URL" # Use Github CLI to merge automatically the PR
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+          
   npm-publish-build:
     needs: build
     runs-on: ubuntu-latest