refactor: Replace action-dependabot-auto-merge

Author: bennycode

.github/auto-merge.yml

@@ -1,24 +1,25 @@
 name: 'Merge Dependencies'
 
 # https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/
-# https://github.com/ahmadnassri/action-dependabot-auto-merge/issues/60#issuecomment-806027389
 on: [pull_request_target]
 
+permissions:
+  pull-requests: write
+  contents: write
+
 jobs:
   auto-merge:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [ubuntu-latest]
-        node-version: [16.x]
-    if: github.actor == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
     steps:
-      - name: 'Checkout repository'
-        uses: actions/[email protected]
-
-      - name: 'Automerge dependency updates from Dependabot'
-        uses: ahmadnassri/[email protected]
-        # Guarantee that commit comes from Dependabot (don't blindly trust external GitHub Actions)
-        if: github.actor == 'dependabot[bot]'
+      - name: Extract information about the dependency
+        id: metadata
+        uses: dependabot/[email protected]
         with:
           github-token: ${{ secrets.GH_AUTOMERGE_TOKEN }}
+
+      - name: Automatically merge the dependency
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GH_AUTOMERGE_TOKEN }}