From 1656bc14a7c1a49b939e7ba082a822d6fbeb4737 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Mon, 21 Jul 2025 10:39:22 -0300
Subject: [PATCH] ci: dependabot, sync and lint jobs

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 .github/dependabot.yml                | 28 +++++++++++++++++++++++++++
 .github/workflows/build.yml           | 19 ++++++++++++++++++
 .github/workflows/dependabot-sync.yml | 17 ++++++++++++++++
 .github/workflows/lint-sync.yml       | 14 ++++++++++++++
 4 files changed, 78 insertions(+)
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/dependabot-sync.yml
 create mode 100644 .github/workflows/lint-sync.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000000000000000000000000000000000000..02420bbeaced0abb3362e1de30be8c3c8c75f0d8
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,28 @@
+version: 2
+
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "05:00"
+      timezone: "America/New_York"
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "05:00"
+      timezone: "America/New_York"
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 60d41177eb65b9f2bd11ba0f6523b39572c04be1..42fe1ce67f87406b3e9cb7b5c05ea7f8659a2197 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -9,3 +9,22 @@ jobs:
       go-version-file: ./go.mod
     secrets:
       gh_pat: "${{ secrets.PERSONAL_ACCESS_TOKEN }}"
+
+  dependabot:
+    needs: [build]
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      contents: write
+    if: ${{ github.actor == 'dependabot[bot]' && github.event_name == 'pull_request'}}
+    steps:
+      - id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - run: |
+          gh pr review --approve "$PR_URL"
+          gh pr merge --squash --auto "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/dependabot-sync.yml b/.github/workflows/dependabot-sync.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9b082590bda3f7ec5df3e1032c4f35bb11502e6b
--- /dev/null
+++ b/.github/workflows/dependabot-sync.yml
@@ -0,0 +1,17 @@
+name: dependabot-sync
+on:
+  schedule:
+    - cron: "0 0 * * 0" # every Sunday at midnight
+  workflow_dispatch: # allows manual triggering
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot-sync:
+    uses: charmbracelet/meta/.github/workflows/dependabot-sync.yml@main
+    with:
+      repo_name: ${{ github.event.repository.name }}
+    secrets:
+      gh_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
diff --git a/.github/workflows/lint-sync.yml b/.github/workflows/lint-sync.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ecf8580246f0165842891ee5f6e28992d15d68ff
--- /dev/null
+++ b/.github/workflows/lint-sync.yml
@@ -0,0 +1,14 @@
+name: lint-sync
+on:
+  schedule:
+    # every Sunday at midnight
+    - cron: "0 0 * * 0"
+  workflow_dispatch: # allows manual triggering
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  lint:
+    uses: charmbracelet/meta/.github/workflows/lint-sync.yml@main