From 8ce3184978c2c5cc44620f3c611bc60ad821275d Mon Sep 17 00:00:00 2001
From: saptarshimandal1 <saptarshi.mandal1@nhs.net>
Date: Tue, 3 Mar 2026 16:24:17 +0000
Subject: [PATCH 1/2] Dependabot automation for service template repo

---
 .github/dependabot.yml                      | 54 +++++++++++++++++++++
 .github/workflows/dependabot-auto-merge.yml | 37 ++++++++++++++
 2 files changed, 91 insertions(+)
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/dependabot-auto-merge.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..49c37af
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,54 @@
+version: 2
+updates:
+
+  # ---------------------------
+  # Python (Poetry via pip)
+  # ---------------------------
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    target-branch: "master"
+    labels: ["dependencies", "python", "poetry"]
+    open-pull-requests-limit: 10
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
+
+  # ---------------------------
+  # NodeJS (root)
+  # ---------------------------
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    target-branch: "master"
+    labels: ["dependencies", "npm"]
+    open-pull-requests-limit: 10
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
+
+  # ---------------------------
+  # NodeJS (sandbox/)
+  # ---------------------------
+  - package-ecosystem: "npm"
+    directory: "/sandbox"
+    schedule:
+      interval: "weekly"
+    target-branch: "master"
+    labels: ["dependencies", "npm", "sandbox"]
+    open-pull-requests-limit: 10
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
+
+  # ---------------------------
+  # GitHub Actions
+  # ---------------------------
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    target-branch: "master"
+    labels: ["dependencies", "github-actions"]
\ No newline at end of file
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
new file mode 100644
index 0000000..5db4df6
--- /dev/null
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -0,0 +1,37 @@
+name: Dependabot auto-merge
+
+on:
+  pull_request_target:
+    types: [opened, reopened, synchronize, ready_for_review]
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  automerge:
+    name: Auto-merge Dependabot patch updates
+    runs-on: ubuntu-latest
+
+    # Only run on Dependabot PRs
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
+
+    steps:
+      - name: Fetch Dependabot metadata
+        id: meta
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Approve PR
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Auto-merge patch updates only
+        if: steps.meta.outputs.update-type == 'version-update:semver-patch'
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file

From 7cc8a2709d78165b467334d1545f980f9d9f96df Mon Sep 17 00:00:00 2001
From: saptarshimandal1 <saptarshi.mandal1@nhs.net>
Date: Tue, 3 Mar 2026 16:35:41 +0000
Subject: [PATCH 2/2] Dependabot automation updated to daily

---
 .github/dependabot.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 49c37af..8d85c58 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -7,7 +7,7 @@ updates:
   - package-ecosystem: "pip"
     directory: "/"
     schedule:
-      interval: "weekly"
+      interval: "daily"
     target-branch: "master"
     labels: ["dependencies", "python", "poetry"]
     open-pull-requests-limit: 10
@@ -21,7 +21,7 @@ updates:
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
-      interval: "weekly"
+      interval: "daily"
     target-branch: "master"
     labels: ["dependencies", "npm"]
     open-pull-requests-limit: 10
@@ -35,7 +35,7 @@ updates:
   - package-ecosystem: "npm"
     directory: "/sandbox"
     schedule:
-      interval: "weekly"
+      interval: "daily"
     target-branch: "master"
     labels: ["dependencies", "npm", "sandbox"]
     open-pull-requests-limit: 10
@@ -49,6 +49,6 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "weekly"
+      interval: "daily"
     target-branch: "master"
     labels: ["dependencies", "github-actions"]
\ No newline at end of file