From b9167bd35466770a478cb7a508bcd7a27e6213e7 Mon Sep 17 00:00:00 2001
From: Anthony Brown <anthony.brown8@nhs.net>
Date: Mon, 20 Apr 2026 14:18:30 +0000
Subject: [PATCH] Add Dependabot schedule and remove
 dependabot-auto-approve-and-merge job

---
 .github/CODEOWNERS                            |  2 --
 .github/workflows/auto_approve_dependabot.yml | 21 +++++++++++++++++++
 .github/workflows/pull_request.yml            | 16 --------------
 3 files changed, 21 insertions(+), 18 deletions(-)
 delete mode 100644 .github/CODEOWNERS
 create mode 100644 .github/workflows/auto_approve_dependabot.yml

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
deleted file mode 100644
index 0492a66..0000000
--- a/.github/CODEOWNERS
+++ /dev/null
@@ -1,2 +0,0 @@
-# restrict access to approving workflow changes
-.github/workflows/ @NHSDigital/eps-admins
diff --git a/.github/workflows/auto_approve_dependabot.yml b/.github/workflows/auto_approve_dependabot.yml
new file mode 100644
index 0000000..4567aef
--- /dev/null
+++ b/.github/workflows/auto_approve_dependabot.yml
@@ -0,0 +1,21 @@
+name: Auto-approve dependency updates
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '*/30 * * * *'
+
+permissions: {}
+jobs:
+  auto-approve-dependabot:
+    runs-on: ubuntu-22.04
+    environment: create_pull_request
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - name: Auto approve and enable auto-merge
+        uses: NHSDigital/eps-dependabot-approve@da0503449b218ccd99bc547e242007d5514e4d2f
+        with:
+          AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }}
+          AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }}
\ No newline at end of file
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index 822d1a9..0a7d4cf 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -1,29 +1,15 @@
 name: Pull Request
-
 on:
   pull_request:
     branches: [main]
-
 env:
   BRANCH_NAME: ${{ github.event.pull_request.head.ref }}
-
 permissions: {}
 jobs:
-  dependabot-auto-approve-and-merge:
-    needs: quality_checks
-    uses: ./.github/workflows/dependabot-auto-approve-and-merge.yml
-    permissions:
-      contents: write
-      pull-requests: write
-    secrets:
-      AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }}
-      AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }}
-
   pr_title_format_check:
     uses: ./.github/workflows/pr_title_check.yml
     permissions:
       pull-requests: write
-
   get_config_values:
     uses: ./.github/workflows/get-repo-config.yml
     permissions:
@@ -32,7 +18,6 @@ jobs:
       packages: read
     with:
       verify_published_from_main_image: false
-
   quality_checks:
     uses: ./.github/workflows/quality-checks-devcontainer.yml
     needs: [get_config_values]
@@ -44,7 +29,6 @@ jobs:
       pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-
   tag_release:
     needs: get_config_values
     uses: ./.github/workflows/tag-release-devcontainer.yml