diff --git a/.github/workflows/autorelease.yml b/.github/workflows/autorelease.yml
index 5056b2ec..2890b486 100644
--- a/.github/workflows/autorelease.yml
+++ b/.github/workflows/autorelease.yml
@@ -3,7 +3,11 @@ name: Automatic releases
 on:
   workflow_dispatch:
   schedule:
-    - cron: '0 3 * * 0'
+    - cron: '5 4 * */3 0'
+
+permissions:
+  contents: write
+  pull-requests: write
 
 jobs:
   auto-release:
diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
new file mode 100644
index 00000000..c4e5c920
--- /dev/null
+++ b/.github/workflows/dependabot.yml
@@ -0,0 +1,35 @@
+# Based on code from https://andre.arko.net/2022/05/15/automatic-dependabot-merges/
+
+name: "Merge updates"
+
+on:
+  pull_request:
+    branches:
+      - "main"
+    types:
+      - "opened"
+      - "synchronize"
+      - "reopened"
+      - "ready_for_review"
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  merge:
+    name: "Merge"
+    runs-on: "ubuntu-latest"
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - name: "Approve pull request"
+        uses: "juliangruber/approve-pull-request-action@v2"
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+          number: "${{ github.event.pull_request.number }}"
+
+      - name: "Enable auto-merge for Dependabot pull requests"
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/on-pull-request.yml b/.github/workflows/on-pull-request.yml
deleted file mode 100644
index 3b74f9b9..00000000
--- a/.github/workflows/on-pull-request.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-name: On pull request
-
-on:
-  pull_request:
-    branches:
-      - main
-
-jobs:
-            
-  dependabot:
-#    needs: 
-#      - test
-    permissions:
-      pull-requests: write
-      contents: write
-    runs-on: ubuntu-latest
-    # Checking the actor will prevent your Action run failing on non-Dependabot
-    # PRs but also ensures that it only does work for Dependabot PRs.
-    if: ${{ github.actor == 'dependabot[bot]' }}
-    steps:
-      # This first step will fail if there's no metadata and so the approval
-      # will not occur.
-      - name: Dependabot metadata
-        id: dependabot-metadata
-        uses: dependabot/fetch-metadata@v2.5.0
-        with:
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
-      # Here the PR gets approved.
-      - name: Approve a PR
-        run: gh pr review --approve "$PR_URL"
-        env:
-          PR_URL: ${{ github.event.pull_request.html_url }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      # Finally, this sets the PR to allow auto-merging for patch and minor
-      # updates if all checks pass
-      - name: Enable auto-merge for Dependabot PRs
-        # if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}
-        run: gh pr merge --auto --squash "$PR_URL"
-        env:
-          PR_URL: ${{ github.event.pull_request.html_url }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}