updated dependabot.yml w/ old working code; added github dependabot code to actions.yml

.github/dependabot.yml

@@ -9,3 +9,23 @@ updates:
     target-branch: "master"
     schedule:
       interval: "weekly"
+
+  # branch - v2.x
+  - package-ecosystem: "maven"
+    directory: "/"
+    labels:
+      - "dependencies"
+      - "v2.x"
+    target-branch: "v2.x"
+    schedule:
+      interval: "weekly"
+
+  # branch - v1.x
+  - package-ecosystem: "maven"
+    directory: "/"
+    labels:
+      - "dependencies"
+      - "v1.x"
+    target-branch: "v1.x"
+    schedule:
+      interval: "weekly"

.github/workflows/actions.yml

@@ -1,10 +1,9 @@
-name: Dependabot auto-label
+name: Dependabot auto-merge
 on: pull_request
 
 permissions:
   pull-requests: write
-  issues: write
-  repository-projects: write
+  contents: write
 
 jobs:
   dependabot:
@@ -12,12 +11,11 @@ jobs:
     if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'owner/my_repo'
     steps:
       - name: Dependabot metadata
-        id: metadata
-        uses: dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7
-        with:
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
-      - name: Add a label for all production dependencies
-        if: steps.metadata.outputs.dependency-type == 'direct:production'
-        run: gh pr edit "$PR_URL" --add-label "production"
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v2
+      - name: Enable auto-merge for Dependabot PRs
+        if: (steps.dependabot-metadata.outputs.cvss == true && update_types == 'minor' || 'patch')
+        run: gh pr merge --auto --merge "$PR_URL"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}