ci: drop approve step from Dependabot auto-merge workflow

[jeremy]

Summary

• Remove the `gh pr review --approve` step from `.github/workflows/dependabot-auto-merge.yml`. It fails because the repo-level setting Allow GitHub Actions to create and approve pull requests is off, which blocks the workflow before the auto-merge step ever runs (e.g. deps: bump github.com/basecamp/fizzy-sdk/go from 0.1.2 to 0.1.3 in the go-dependencies group across 1 directory #150).
• `master` has no branch protection requiring reviews, so the approve was cosmetic. The `gh pr merge --auto --squash` step is unchanged and still gates on CI — the actual safety check.
• Trade-off vs flipping the repo setting (which is what basecamp-cli/hey-cli do): we diverge from the sibling repos and lose the green "Approved" badge on merged Dependabot PRs, but the workflow becomes self-contained and doesn't depend on a setting that can be silently toggled off.

Test plan

• Workflow file parses (zizmor / actionlint in CI).
• After merging, when the next Dependabot PR opens, confirm `auto-merge` job succeeds and `gh pr view --json autoMergeRequest` shows auto-merge enabled with squash.
• Once required CI checks pass on that Dependabot PR, GitHub merges it automatically with no manual approve.
• Backfill deps: bump github.com/basecamp/fizzy-sdk/go from 0.1.2 to 0.1.3 in the go-dependencies group across 1 directory #150: re-trigger by close+reopen, or run `gh pr merge 150 --auto --squash` once this lands.

---

Summary by cubic

Removed the gh pr review --approve step from .github/workflows/dependabot-auto-merge.yml to stop failures when action approvals are disallowed and restore Dependabot auto-merge. The gh pr merge --auto --squash step is unchanged and still waits for required CI.

^{Written for commit 35bb4a7. Summary will update on new commits. Review in cubic}

[github-actions]

Sensitive Change Detection (shadow mode)

This PR modifies control-plane files:

• .github/workflows/dependabot-auto-merge.yml

Shadow mode — this check is informational only. When activated, changes to these paths will require approval from a maintainer.

[cubic-dev-ai]

No issues found across 1 file

[Copilot]

Pull request overview

This PR updates the Dependabot auto-merge GitHub Actions workflow to remove the gh pr review --approve step, avoiding failures when the repository setting “Allow GitHub Actions to create and approve pull requests” is disabled, while keeping auto-merge behavior unchanged.

Changes:

• Removed the workflow step that attempted to approve eligible Dependabot PRs via gh pr review --approve.
• Kept the existing “enable auto-merge for patch/minor (excluding GitHub Actions)” logic intact.

Tip

If you aren't ready for review, convert to a draft PR.
Click "Convert to draft" or run gh pr ready --undo.
Click "Ready for review" or run gh pr ready to reengage.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.