Create PAT with workflow scope for Dependabot auto-merge

## Problem

Dependabot PRs that modify workflow files (like `.github/workflows/test.yml`) cannot be auto-merged using the default `GITHUB_TOKEN`. GitHub requires a token with the `workflow` scope.

Example: PR #411 (actions/cache bump) failed auto-merge with:
```
GraphQL: Pull request refusing to allow a Personal Access Token to create or update workflow 
`.github/workflows/test.yml` without `workflow` scope (enablePullRequestAutoMerge)
```

## Solution

1. Create a new Personal Access Token (classic) with `repo` and `workflow` scopes
2. Add it as a repository secret (e.g., `AUTO_MERGE_TOKEN`)
3. Update the auto-merge step in `.github/workflows/test.yml` to use this token instead of `GITHUB_TOKEN`

## Security consideration

Be aware that using a PAT gives more permissions than the default token. Consider if manual merging of workflow-modifying PRs is acceptable instead.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Create PAT with workflow scope for Dependabot auto-merge #412

Problem

Solution

Security consideration

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Create PAT with workflow scope for Dependabot auto-merge #412

Description

Problem

Solution

Security consideration

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions