Fix Dependabot auto-merge by adding pull-requests write permission

[Copilot]

Dependabot PRs were failing to auto-merge due to insufficient GITHUB_TOKEN permissions. The dependabot job was encountering GraphQL: Resource not accessible by integration (mergePullRequest) errors.

Changes

• Added explicit permissions block to the dependabot job in .github/workflows/ci.yml:
  • pull-requests: write - enables PR merge operations
  • contents: write - allows branch updates during merge

dependabot:
  name: 'Dependabot'
  needs: build
  runs-on: ubuntu-latest
  if: ${{ github.actor == 'dependabot[bot]' && github.event_name == 'pull_request'}}
  permissions:
    contents: write
    pull-requests: write
  steps:
    - name: Enable auto-merge for Dependabot PRs
      run: gh pr merge --auto --merge "$PR_URL"

The default GITHUB_TOKEN for Dependabot-triggered workflows has read-only permissions by default. This grants the minimal required permissions for the auto-merge workflow to function.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[Copilot]

Pull request overview

This PR fixes Dependabot auto-merge functionality by adding explicit permissions to the dependabot job in the CI workflow. The workflow was previously failing with GraphQL: Resource not accessible by integration errors because the default GITHUB_TOKEN for Dependabot-triggered workflows has read-only permissions.

Changes:

• Added permissions block to the dependabot job with contents: write and pull-requests: write to enable PR merge operations

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.