feat(dependabot): consolidate auto-approve and merge workflow

- Replaces the separate auto-approve workflow with an auto-approve-and-merge workflow for Dependabot pull requests.
- Includes an additional step to approve the PR after metadata fetching.
- Adjusts trigger to execute for pull requests targeting the main branch only.

Author: winromulus

.github/workflows/dependabot.auto.approve.yaml

@@ -1,5 +1,9 @@
-name: Dependabot auto-merge
-on: pull_request
+name: Dependabot auto-approve-and-merge
+
+on:
+  pull_request:
+    branches:
+      - main
 
 permissions:
   contents: write
@@ -10,16 +14,22 @@ jobs:
     runs-on: ubuntu-latest
     if: github.event.pull_request.user.login == 'dependabot[bot]'
     steps:
-      - name: Dependabot metadata
+      - name: Fetch Dependabot metadata
         id: metadata
         uses: dependabot/fetch-metadata@v2
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
           skip-commit-verification: true
           skip-verification: true
-      - name: Enable auto-merge for Dependabot PRs
-        # if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
+
+      - name: Enable auto-merge
         run: gh pr merge --auto --squash "$PR_URL"
         env:
-          PR_URL: ${{github.event.pull_request.html_url}}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.ES_GITHUB_PAT }}
+
+      - name: Approve the PR
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
           GH_TOKEN: ${{ secrets.ES_GITHUB_PAT }}