Add MSRV check to CI

.gitattributes

@@ -0,0 +1 @@
+Cargo.lock binary

.github/dependabot.yml

@@ -0,0 +1,42 @@
+version: 2
+updates:
+  # bump major and minor updates as soon as available
+  - package-ecosystem: cargo
+    target-branch: main # see https://github.com/dependabot/dependabot-core/issues/1778#issuecomment-1988140219
+    directory: /
+    schedule:
+      interval: daily
+    commit-message:
+      prefix: chore
+      include: scope
+    ignore:
+      - dependency-name: "*"
+        update-types:
+          - "version-update:semver-patch"
+
+  # bundle patch updates together on a monthly basis
+  - package-ecosystem: cargo
+    directory: /
+    schedule:
+      interval: monthly
+    commit-message:
+      prefix: chore
+      include: scope
+    groups:
+      patch-updates:
+        update-types:
+          - patch
+    ignore:
+      - dependency-name: "*"
+        update-types:
+          - "version-update:semver-minor"
+          - "version-update:semver-major"
+
+  # bump actions as soon as available
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
+    commit-message:
+      prefix: chore
+      include: scope

.github/workflows/ci.yml

@@ -64,15 +64,32 @@ jobs:
           toolchain: ${{ env.clippy_rust_version }}
           components: clippy
       - run: cargo clippy --all --all-targets --all-features -- -D warnings
-
-  prettier:
-    name: Check prettier
+
+  msrv:
     runs-on: ubuntu-latest
-    if: github.repository == 'graphql-rust/graphql-client'
     steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Install node.js
-      run: sudo apt update && sudo apt-get install -y nodejs
-    - name: Execute prettier
-      run: npx prettier --debug-check -l './**/*.json' './**/*.graphql'
+      - uses: actions/checkout@master
+      - name: Get MSRV from Cargo.toml
+        run: |
+          MSRV=$(grep 'rust-version' Cargo.toml | sed 's/.*= *"\(.*\)".*/\1/')
+          echo "MSRV=$MSRV" >> $GITHUB_ENV
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ env.MSRV }}
+      - uses: taiki-e/install-action@cargo-no-dev-deps
+      - run: cargo no-dev-deps check -p graphql_client
+
+  # Automatically merge if it's a Dependabot PR that passes the build
+  dependabot:
+    needs: [test, wasm_build, lint, msrv]
+    permissions:
+      contents: write
+      pull-requests: write
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - name: Enable auto-merge for Dependabot PRs
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}

.gitignore

@@ -1,7 +1,6 @@
 /target
 node_modules/
 **/*.rs.bk
-Cargo.lock
 .idea
 scripts/*
 !scripts/*.sh