feat: add Dependabot auto-merge and PR labeling

- Add workflow to auto-merge Dependabot PRs for patch and minor updates
- Major updates require manual review
- Group minor and patch updates together in dependabot.yml
- Add PR labeler workflow and configuration
- Add auto-merge configuration file
- Ensures all tests pass before merging

This will help maintain dependencies automatically while keeping the
codebase secure and up-to-date.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: lainra

.github/auto-merge.yml

@@ -0,0 +1,40 @@
+# Configuration for probot-auto-merge or GitHub's auto-merge feature
+
+# Merge method to use
+mergeMethod: squash
+
+# Automatically delete the branch after merge
+deleteBranchAfterMerge: true
+
+# Required status checks
+requiredChecks:
+  - "test (16.x)"
+  - "test (18.x)"
+  - "test (20.x)"
+  - "docker-build"
+  - "security"
+
+# Blocking labels (PRs with these labels won't be auto-merged)
+blockingLabels:
+  - "do-not-merge"
+  - "work-in-progress"
+  - "breaking-change"
+  - "major-update"
+
+# Rules for different types of PRs
+rules:
+  # Auto-merge Dependabot minor and patch updates
+  - match:
+      authors: ["dependabot[bot]"]
+      updateTypes: ["patch", "minor"]
+    actions:
+      merge:
+        method: squash
+        
+  # Auto-merge documentation updates
+  - match:
+      files: ["*.md", "docs/**"]
+      authors: ["lainra"]
+    actions:
+      merge:
+        method: squash

.github/dependabot.yml

@@ -16,6 +16,14 @@ updates:
     commit-message:
       prefix: "chore"
       include: "scope"
+    # Group all non-major updates together
+    groups:
+      npm-minor-patch:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
 
   # Enable version updates for Docker
   - package-ecosystem: "docker"

.github/labeler.yml

@@ -0,0 +1,50 @@
+# Configuration for actions/labeler
+
+documentation:
+  - changed-files:
+    - any-glob-to-any-file:
+      - '**/*.md'
+      - 'docs/**'
+      - '.github/*.md'
+
+dependencies:
+  - changed-files:
+    - any-glob-to-any-file:
+      - 'package.json'
+      - 'package-lock.json'
+      - 'yarn.lock'
+
+docker:
+  - changed-files:
+    - any-glob-to-any-file:
+      - 'Dockerfile*'
+      - 'docker-compose*.yml'
+      - '.dockerignore'
+
+github-actions:
+  - changed-files:
+    - any-glob-to-any-file:
+      - '.github/workflows/*'
+      - '.github/actions/*'
+
+tests:
+  - changed-files:
+    - any-glob-to-any-file:
+      - '**/*.test.js'
+      - 'test/**'
+      - 'jest.config.js'
+
+source:
+  - changed-files:
+    - any-glob-to-any-file:
+      - 'src/**'
+      - '!src/**/*.test.js'
+
+configuration:
+  - changed-files:
+    - any-glob-to-any-file:
+      - '.*rc'
+      - '.*rc.js'
+      - '.*rc.json'
+      - '.env*'
+      - 'config/**'

.github/workflows/dependabot-auto-merge.yml

@@ -0,0 +1,52 @@
+name: Dependabot Auto-Merge
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+          
+      - name: Auto-approve PR
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          
+      - name: Enable auto-merge for Dependabot PRs
+        if: |
+          steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
+          steps.metadata.outputs.update-type == 'version-update:semver-minor'
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          
+      - name: Add comment for major updates
+        if: steps.metadata.outputs.update-type == 'version-update:semver-major'
+        run: |
+          gh pr comment "$PR_URL" --body "⚠️ **Major version update detected!**
+          
+          This PR contains a major version update which may include breaking changes.
+          Please review carefully before merging.
+          
+          Update type: ${{ steps.metadata.outputs.update-type }}
+          
+          To merge this PR after review, comment:
+          \`@dependabot merge\`"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/label.yml

@@ -0,0 +1,19 @@
+name: Label PRs
+
+on:
+  pull_request:
+    types: [opened, edited, synchronize]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  label:
+    runs-on: ubuntu-latest
+    
+    steps:
+      - uses: actions/labeler@v5
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"
+          sync-labels: true