diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index 514e0fa..0000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: gomod
-    directory: "/"
-    schedule:
-      interval: weekly
-    commit-message:
-      prefix: deps
-    reviewers:
-      - mmcloughlin
diff --git a/.github/workflows/deps.yml b/.github/workflows/deps.yml
new file mode 100644
index 0000000..63aa53e
--- /dev/null
+++ b/.github/workflows/deps.yml
@@ -0,0 +1,40 @@
+name: deps
+permissions:
+  contents: read
+on:
+  schedule:
+    - cron: "22 5 * * 1"
+jobs:
+  upgrade:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install Go
+        uses: actions/setup-go@37335c7bb261b353407cff977110895fa0b4f7d8 # v2.1.3
+        with:
+          go-version: 1.18.x
+      - name: Checkout code
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
+        with:
+          persist-credentials: false
+      - name: Upgrade Modules
+        run: go get -u ./...
+      - name: Tidy
+        run: go mod tidy
+      - name: Diff
+        run: git diff
+      - name: Generate Bot Token
+        uses: tibdex/github-app-token@586e1a624db6a5a4ac2c53daeeded60c5e3d50fe # v1.5.2
+        id: bot
+        with:
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@bd72e1b7922d417764d27d30768117ad7da78a0e # v4.0.2
+        with:
+          token: ${{ steps.bot.outputs.token }}
+          commit-message: "all: upgrade direct dependencies"
+          branch: auto-upgrade-deps
+          base: master
+          delete-branch: true
+          title: "all: upgrade direct dependencies"
+          body: "Auto-generated upgrade of module dependencies."