From 3962b57523457d282d9bba2da040db8587635f55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andrzej=20Kobyli=C5=84ski?= <endrju397@gmail.com>
Date: Tue, 24 Mar 2026 17:08:36 +0100
Subject: [PATCH 1/4] feat: add GitHub Actions CI workflow with JDK matrix

Triggers on push to main and PRs.
Matrix tests against JDK 21 (minimum) and JDK 25 (latest LTS).
Includes ktlintCheck, test, and test artifact upload.
---
 .github/workflows/ci.yml | 42 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 .github/workflows/ci.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..40a5010
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,42 @@
+name: CI
+on:
+  pull_request:
+    branches: [ main ]
+  push:
+    branches: [ main ]
+
+permissions:
+  contents: read
+
+jobs:
+  ci:
+    runs-on: ubuntu-24.04
+    strategy:
+      fail-fast: false
+      matrix:
+        java: [ "21", "25" ]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up JDK ${{ matrix.java }}
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: ${{ matrix.java }}
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
+
+      - name: Check formatting
+        run: ./gradlew ktlintCheck
+
+      - name: Test
+        run: ./gradlew test
+
+      - name: Upload test results
+        uses: actions/upload-artifact@v4
+        if: success() || failure()
+        with:
+          name: test-results-java-${{ matrix.java }}
+          path: '**/build/test-results/test/TEST-*.xml'

From 3c3ad81f7fd8a25cf7c96d8e598dac0bb9f1cd44 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andrzej=20Kobyli=C5=84ski?= <endrju397@gmail.com>
Date: Tue, 24 Mar 2026 17:11:32 +0100
Subject: [PATCH 2/4] feat: add Dependabot config for Gradle and GitHub Actions
 updates

Gradle deps split into two groups: production (exposed, spring,
jackson, drivers) and testing (kotest, testcontainers, wiremock).
Grouping reduces PR noise while keeping risk levels separate.
---
 .github/dependabot.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..12047a0
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,20 @@
+version: 2
+updates:
+  # Keep Gradle dependencies up to date
+  - package-ecosystem: "gradle"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+    groups:
+      production:
+        dependency-type: "production"
+      testing:
+        dependency-type: "development"
+
+  # Keep GitHub Actions up to date
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10

From 16d44281b256c3e98a8abc8bac30f64a371b0dad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andrzej=20Kobyli=C5=84ski?= <endrju397@gmail.com>
Date: Wed, 25 Mar 2026 09:36:02 +0100
Subject: [PATCH 3/4] chore: bump gradle/actions/setup-gradle to v4.4.4

Update SHA pin from v4.4.1 to v4.4.4 (latest v4.x patch).
---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 40a5010..d2817a1 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -26,7 +26,7 @@ jobs:
           java-version: ${{ matrix.java }}
 
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
+        uses: gradle/actions/setup-gradle@748248ddd2a24f49513d8f472f81c3a07d4d50e1 # v4.4.4
 
       - name: Check formatting
         run: ./gradlew ktlintCheck

From 445429a422b9502c87fce930a1f33551fc027239 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andrzej=20Kobyli=C5=84ski?= <endrju397@gmail.com>
Date: Wed, 25 Mar 2026 09:50:49 +0100
Subject: [PATCH 4/4] feat: add Dependabot auto-merge via shared SML workflow

- Add auto-merge-dependabot job using shared auto-merge workflow
- Add "automerge" label to both Dependabot ecosystems
- Uses SOFTWAREMILL_CI_PR_TOKEN to trigger downstream CI on merge
- Follows sttp-ai/tapir pattern (andrzej.kobylinski Feb-Mar 2026 fixes)
---
 .github/dependabot.yml   |  4 ++++
 .github/workflows/ci.yml | 11 ++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 12047a0..54bbe2a 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,6 +3,8 @@ updates:
   # Keep Gradle dependencies up to date
   - package-ecosystem: "gradle"
     directory: "/"
+    labels:
+      - "automerge"
     schedule:
       interval: "weekly"
     open-pull-requests-limit: 10
@@ -15,6 +17,8 @@ updates:
   # Keep GitHub Actions up to date
   - package-ecosystem: "github-actions"
     directory: "/"
+    labels:
+      - "automerge"
     schedule:
       interval: "weekly"
     open-pull-requests-limit: 10
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d2817a1..a398881 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,7 +6,8 @@ on:
     branches: [ main ]
 
 permissions:
-  contents: read
+  contents: write       # auto-merge requirement
+  pull-requests: write  # auto-merge requirement
 
 jobs:
   ci:
@@ -40,3 +41,11 @@ jobs:
         with:
           name: test-results-java-${{ matrix.java }}
           path: '**/build/test-results/test/TEST-*.xml'
+
+  auto-merge-dependabot:
+    # only for PRs by dependabot[bot]
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
+    needs: [ ci ]
+    uses: softwaremill/github-actions-workflows/.github/workflows/auto-merge.yml@main
+    secrets:
+      github-token: ${{ secrets.SOFTWAREMILL_CI_PR_TOKEN }}