Add RELEASE_TOKEN secret as token input to prepare-release workflow #525

	name: Dependabot Automerge

	on:
	pull_request:
	types: [opened, synchronize]

	permissions:
	contents: write
	pull-requests: write

	jobs:
	dependabot:
	runs-on: ubuntu-latest
	# Only run for dependabot PRs
	if: github.actor == 'dependabot[bot]'
	steps:
	- name: Dependabot metadata
	id: metadata
	uses: dependabot/fetch-metadata@08eff52bf64351f401fb50d4972fa95b9f2c2d1b # v2.2.0
	with:
	github-token: "${{ secrets.GITHUB_TOKEN }}"

	- name: Enable auto-merge for patch and minor updates
	# Auto-merge patch and minor updates, but require manual review for major updates
	if: ${{ steps.metadata.outputs.update-type != 'version-update:semver-major' }}
	continue-on-error: true
	run: \|
	echo "Enabling auto-merge for ${{ steps.metadata.outputs.update-type }} update"
	gh pr merge --auto --squash "$PR_URL"
	env:
	PR_URL: ${{ github.event.pull_request.html_url }}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Comment on major updates
	if: ${{ steps.metadata.outputs.update-type == 'version-update:semver-major' }}
	uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v7.1.0
	with:
	script: \|
	github.rest.issues.createComment({
	issue_number: context.issue.number,
	owner: context.repo.owner,
	repo: context.repo.repo,
	body: '🚨 Major version update detected! This PR requires manual review before merging due to potential breaking changes.\n\nDependency: `${{ steps.metadata.outputs.dependency-name }}`\nUpdate Type: `${{ steps.metadata.outputs.update-type }}`'
	})

Provide feedback