Setup dependabot version update and automerging of dependabot prs (#44)

.github/dependabot.yml

@@ -0,0 +1,35 @@
+version: 2
+
+registries:
+  npm-github:
+    type: npm-registry
+    url: https://npm.pkg.github.com
+    token: ${{ secrets.READER_TOKEN }}
+
+updates:
+  - package-ecosystem: github-actions
+    directory: '/'
+    schedule:
+      interval: daily
+
+  - package-ecosystem: npm
+    directory: '/'
+    schedule:
+      interval: daily
+      time: '14:30'
+      timezone: Europe/Oslo
+    open-pull-requests-limit: 20
+    registries: '*'
+    reviewers:
+      - ''
+    groups:
+      aksel-dependencies:
+        patterns:
+          - '@navikt/aksel*'
+          - '@navikt/ds*'
+      react-dependencies:
+        patterns:
+          - 'react'
+          - 'react-dom'
+          - '@types/react'
+          - '@types/react-dom'

.github/workflows/label-dependabot-pr.yaml

@@ -0,0 +1,10 @@
+name: label-dependabot-pr
+on:
+  pull_request:
+    types: [ opened, unlabeled ]
+
+jobs:
+  label-dependabot-pr:
+    uses: navikt/teamesyfo-github-actions-workflows/.github/workflows/label-dependabot-pr.yaml@main
+    permissions:
+      pull-requests: write

.github/workflows/merge-dependabot-pr.yaml

@@ -0,0 +1,15 @@
+name: merge-dependabot-pr
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0,15,30,45 7-14 * * 1,2,3,4,5'
+
+jobs:
+  merge-dependabot-pr:
+    uses: navikt/teamesyfo-github-actions-workflows/.github/workflows/merge-dependabot-pr.yaml@main
+    permissions:
+      actions: write
+      checks: read
+      contents: write
+      pull-requests: write
+      statuses: read

CODEOWNERS

@@ -1 +1,5 @@
 * @navikt/team-esyfo
+
+# Set empty owners on package.json and package-lock.json to avoid that github adds team-esyfo as reviewer on all automergeable prs from Dependabot
+package.json
+package-lock.json