From d15d056ba4e4d06d4cebe4b2e17a74f6d9951b6b Mon Sep 17 00:00:00 2001
From: Bruce Markham <219281+brucificus@users.noreply.github.com>
Date: Sun, 10 Dec 2023 17:08:19 -0500
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7=20Fixes=20Dependabot=20Auto-Approv?=
 =?UTF-8?q?al?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/dependabot-auto-merge.yml | 30 ---------------------
 .github/workflows/review_dependabot.yml     | 19 +++++++++++++
 2 files changed, 19 insertions(+), 30 deletions(-)
 delete mode 100644 .github/workflows/dependabot-auto-merge.yml
 create mode 100644 .github/workflows/review_dependabot.yml

diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
deleted file mode 100644
index fccc0f6..0000000
--- a/.github/workflows/dependabot-auto-merge.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-name: Automerge Dependabot Updates
-
-on:
-  check_suite:
-    types:
-      - completed
-
-jobs:
-  auto_merge:
-    runs-on: ubuntu-latest
-
-    needs:
-      - build_and_test
-
-    steps:
-      - name: auto-merge
-        uses: ridedott/merge-me-action@v1.1.34
-        with:
-          # Depending on branch protection rules, a  manually populated
-          # `GITHUB_TOKEN_WORKAROUND` environment variable with permissions to
-          # push to a protected branch must be used. This variable can have an
-          # arbitrary name, as an example, this repository uses
-          # `GITHUB_TOKEN_DOTTBOTT`.
-          #
-          # When using a custom token, it is recommended to leave the following
-          # comment for other developers to be aware of the reasoning behind it:
-          #
-          # This must be used as GitHub Actions token does not support
-          # pushing to protected branches.
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN_DOTTBOTT }}
diff --git a/.github/workflows/review_dependabot.yml b/.github/workflows/review_dependabot.yml
new file mode 100644
index 0000000..30c7765
--- /dev/null
+++ b/.github/workflows/review_dependabot.yml
@@ -0,0 +1,19 @@
+name: Dependabot reviewer
+
+on: pull_request_target
+
+permissions:
+  pull-requests: write
+  contents: write
+
+jobs:
+  review-dependabot-pr:
+    name: Review Dependabot PR
+    runs-on: ubuntu-latest
+    steps:
+      - name: Review Dependabot PR
+        uses: pwshrc/actions-review-dependabot@v0.6.3
+        with:
+          github_token: "${{ secrets.GITHUB_TOKEN }}"
+          required-pr-user-login: 'dependabot[bot]'
+          merge-mode: 'rebase'