From a824fa7f142088d27301f66e0d441d502a9e1a2e Mon Sep 17 00:00:00 2001
From: Anthony Brown <anthony.brown8@nhs.net>
Date: Mon, 20 Apr 2026 14:17:21 +0000
Subject: [PATCH] Add Dependabot schedule and remove
 dependabot-auto-approve-and-merge job

---
 .github/CODEOWNERS                            |  2 --
 .github/workflows/auto_approve_dependabot.yml | 21 +++++++++++++++++++
 .github/workflows/pull_request.yml            | 13 ------------
 3 files changed, 21 insertions(+), 15 deletions(-)
 delete mode 100644 .github/CODEOWNERS
 create mode 100644 .github/workflows/auto_approve_dependabot.yml

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
deleted file mode 100644
index 0492a665..00000000
--- a/.github/CODEOWNERS
+++ /dev/null
@@ -1,2 +0,0 @@
-# restrict access to approving workflow changes
-.github/workflows/ @NHSDigital/eps-admins
diff --git a/.github/workflows/auto_approve_dependabot.yml b/.github/workflows/auto_approve_dependabot.yml
new file mode 100644
index 00000000..4567aef8
--- /dev/null
+++ b/.github/workflows/auto_approve_dependabot.yml
@@ -0,0 +1,21 @@
+name: Auto-approve dependency updates
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '*/30 * * * *'
+
+permissions: {}
+jobs:
+  auto-approve-dependabot:
+    runs-on: ubuntu-22.04
+    environment: create_pull_request
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - name: Auto approve and enable auto-merge
+        uses: NHSDigital/eps-dependabot-approve@da0503449b218ccd99bc547e242007d5514e4d2f
+        with:
+          AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }}
+          AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }}
\ No newline at end of file
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index dc3a9b62..5e14d210 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -1,9 +1,7 @@
 name: build_pr
-
 on:
   pull_request:
     branches: [main]
-
 permissions: {}
 jobs:
   get_config_values:
@@ -14,15 +12,6 @@ jobs:
       attestations: read
       contents: read
       packages: read
-  dependabot-auto-approve-and-merge:
-    needs: quality_checks
-    uses: NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml@6a7443adade993bcd35e70cf4b18f83f62ed5d13
-    permissions:
-      contents: write
-      pull-requests: write
-    secrets:
-      AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }}
-      AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }}
   pr_title_format_check:
     uses: NHSDigital/eps-common-workflows/.github/workflows/pr_title_check.yml@9564a673928c4ed2157e0a26ee0d68304d429e87
     permissions:
@@ -37,7 +26,6 @@ jobs:
     with:
       pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
       run_docker_scan: false
-
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
   package_npm_code:
@@ -45,7 +33,6 @@ jobs:
     uses: ./.github/workflows/package_npm_code.yml
     with:
       pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
-
   tag_release:
     needs: [get_config_values]
     uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@8399c1f015c1304e40771cbd8ccc24c7ed48fdbc