From b4d2726e54f84f9e579f02a570283f394ebbf759 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Misty=20De=20M=C3=A9o?= <misty@archive.org>
Date: Thu, 8 May 2025 09:55:11 -0700
Subject: [PATCH] dependabot: add yt-dlp in qa

Also sets up an auto-approve for dependabot PRs.
---
 .github/workflows/dependabot.yml | 21 +++++++++++++++++++++
 dependabot.yml                   |  9 +++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 .github/workflows/dependabot.yml
 create mode 100644 dependabot.yml

diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
new file mode 100644
index 0000000..f7ead70
--- /dev/null
+++ b/.github/workflows/dependabot.yml
@@ -0,0 +1,21 @@
+name: Dependabot
+on: pull_request
+
+permissions:
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'internetarchive/brozzler'
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Auto-approve PR
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/dependabot.yml b/dependabot.yml
new file mode 100644
index 0000000..d806ee1
--- /dev/null
+++ b/dependabot.yml
@@ -0,0 +1,9 @@
+version: 2
+updates:
+  - package-ecosystem: "uv"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    target-branch: "qa"
+    allow:
+      - dependency-name: yt-dlp