
@uknownothingsnow
Owner

Summary

This PR implements automated merging of Dependabot pull requests when all tests are passing, streamlining dependency management while maintaining code quality standards.

Changes Made

🔧 GitHub Actions Workflows

1. Dependabot Auto-Merge (.github/workflows/dependabot-auto-merge.yml)

  • Automatically merges Dependabot PRs when CI passes
  • Smart versioning logic:
    • ✅ Auto-merges patch and minor updates
    • ⚠️ Requires manual review for major updates
  • Only triggers for dependabot[bot] authored PRs

2. Continuous Integration (.github/workflows/ci.yml)

  • Runs comprehensive build and test suite
  • Executes on all PRs and pushes to main branches
  • Provides quality gate for all code changes

3. Dependabot Configuration (.github/dependabot.yml)

  • Weekly dependency scanning and updates
  • Covers Gradle dependencies and GitHub Actions
  • Configured with proper labels and reviewers

🛡️ Safety Mechanisms

  • Test Requirements: All CI checks must pass before merge
  • Version Filtering: Conservative approach for major version changes
  • Bot Verification: Only processes legitimate Dependabot PRs
  • Fallback Handling: Graceful degradation for missing test suites

🔧 Technical Implementation

  • Java Version: JDK 8 (compatible with existing Android setup)
  • Build System: Gradle with intelligent caching
  • Test Execution: Supports unit tests and Android instrumentation tests
  • Error Handling: Comprehensive logging and stack traces

Workflow Process

  1. Dependabot creates dependency update PR
  2. CI workflow runs build and test suite
  3. Auto-merge workflow evaluates:
    • ✅ Tests passing + patch/minor update → Auto-merge
    • ⚠️ Tests passing + major update → Comment for manual review
    • ❌ Tests failing → No action

Benefits

  • 🔒 Security: Timely dependency updates reduce vulnerability exposure
  • Efficiency: Eliminates manual work for routine updates
  • 🎯 Focus: Manual review only for high-risk changes
  • 📊 Transparency: Clear CI status and automated comments

Compatibility

  • Designed for older Android project structure
  • Handles legacy Gradle versions gracefully
  • No impact on existing development workflow
  • Easy to disable if needed

This automation ensures dependencies stay current while maintaining the project's stability and security standards.


- Add Dependabot auto-merge workflow that merges PRs when tests pass
- Only auto-merge patch and minor version updates
- Require manual review for major version updates
- Add general CI workflow for all pull requests
- Add Dependabot configuration for Gradle and GitHub Actions dependencies
- Configure weekly dependency update schedule
@openhands-ai

openhands-ai bot commented Jun 13, 2025

Looks like there are a few issues preventing this PR from being merged!

  • GitHub Actions are failing:
    • CI
    • CI
    • CI
    • CI
    • CI
    • CI

If you'd like me to help, just leave a comment, like

@OpenHands please fix the failing actions on PR #17

Feel free to include any additional details that might help me get this PR into a better state.
