Setup dependabot version update and automerging of dependabot prs

.github/dependabot.yml

@@ -0,0 +1,14 @@
+version: 2
+
+updates:
+  - package-ecosystem: github-actions
+    directory: '/'
+    schedule:
+      interval: daily
+
+  - package-ecosystem: gradle
+    directory: '/'
+    schedule:
+      interval: daily
+      time: '14:30'
+    open-pull-requests-limit: 20

.github/workflows/label-dependabot-pr.yaml

@@ -0,0 +1,10 @@
+name: label-dependabot-pr
+on:
+  pull_request:
+    types: [ opened, unlabeled ]
+
+jobs:
+  label-dependabot-pr:
+    uses: navikt/teamesyfo-github-actions-workflows/.github/workflows/label-dependabot-pr.yaml@main
+    permissions:
+      pull-requests: write

.github/workflows/merge-dependabot-pr.yaml

@@ -0,0 +1,15 @@
+name: merge-dependabot-pr
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0,15,30,45 7-14 * * 1,2,3,4,5'
+
+jobs:
+  merge-dependabot-pr:
+    uses: navikt/teamesyfo-github-actions-workflows/.github/workflows/merge-dependabot-pr.yaml@main
+    permissions:
+      actions: write
+      checks: read
+      contents: write
+      pull-requests: write
+      statuses: read

CODEOWNERS

@@ -1 +1,4 @@
 * @navikt/team-esyfo
+
+# Set empty owners on package.json and package-lock.json to avoid that github adds team-esyfo as reviewer on all automergeable prs from Dependabot
+build.gradle.kts