diff --git a/.github/workflows/automerge-cdkbot-prs.yaml b/.github/workflows/automerge-cdkbot-prs.yaml
new file mode 100644
index 0000000..70e7f2b
--- /dev/null
+++ b/.github/workflows/automerge-cdkbot-prs.yaml
@@ -0,0 +1,23 @@
+name: Auto-merge cdkbot PRs
+
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  cdkbot:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'cdkbot' }}
+    steps:
+      - name: Approve a PR
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      - name: Enable auto-merge for bot PRs
+        run: gh pr merge --auto --rebase "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/update_version.yaml b/.github/workflows/update_version.yaml
index 9cb907f..5d0f486 100644
--- a/.github/workflows/update_version.yaml
+++ b/.github/workflows/update_version.yaml
@@ -8,8 +8,14 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+
 jobs:
   generator:
+    permissions:
+      contents: write # for peter-evans/create-pull-request to create branch
+      pull-requests: write # for peter-evans/create-pull-request to create a PR
     name: Generate Step for new CoreDNS versions
     runs-on: ubuntu-24.04
     steps:
@@ -18,6 +24,7 @@ jobs:
         with:
           path: coredns-rock
           ref: ${{ github.head_ref || 'main' }}
+          ssh-key: ${{ secrets.BOT_SSH_KEY }}
 
       - name: Checkout coredns repository
         uses: actions/checkout@v4
@@ -44,5 +51,7 @@ jobs:
           body: Update CoreDNS versions with ${{ join(fromJSON(steps.emit-rockcraft.outputs.tags), ', ') }}
           path: coredns-rock
           branch: autoupdate/sync/coredns
+          labels: |
+            automerge
           delete-branch: true
           base: main
diff --git a/1.12.0/rockcraft.yaml b/1.12.0/rockcraft.yaml
deleted file mode 100644
index 1b706f9..0000000
--- a/1.12.0/rockcraft.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-name: coredns
-summary: ROCK for the CoreDNS Project.
-description: This ROCK is a drop in replacement for the coredns/coredns image.
-version: "1.12.0"
-license: Apache-2.0
-
-base: bare
-build-base: ubuntu@22.04
-platforms:
-  amd64:
-  arm64:
-
-entrypoint-service: coredns
-services:
-  coredns:
-    override: replace
-    summary: "coredns service"
-    startup: enabled
-    command: "/coredns [ -conf /etc/coredns/Corefile ]"
-    on-failure: shutdown
-
-parts:
-  coredns:
-    plugin: nil
-    source: https://github.com/coredns/coredns
-    source-type: git
-    source-tag: v1.12.0
-    source-depth: 1
-    build-packages:
-      - build-essential
-    build-snaps:
-      - go/1.21/stable
-    stage-packages:
-      - ca-certificates_data
-    override-build: |
-      make
-      cp $CRAFT_PART_BUILD/coredns $CRAFT_PRIME
diff --git a/Makefile b/Makefile
index a31054c..da351be 100644
--- a/Makefile
+++ b/Makefile
@@ -45,4 +45,4 @@ update-component: install-tools clone-CoreDNS
 # Target to remove the temporary directory
 clean:
 	@rm -rf $(COREDNS_GIT_DIR)
-	@echo "Temporary directory removed: $(COREDNS_GIT_DIR)"
\ No newline at end of file
+	@echo "Temporary directory removed: $(COREDNS_GIT_DIR)"
diff --git a/build/craft_release.sh b/build/craft_release.sh
index 85635e0..e81dc14 100755
--- a/build/craft_release.sh
+++ b/build/craft_release.sh
@@ -7,11 +7,11 @@ RO_SCRIPT_DIR="$( dirname "${BASH_SOURCE[0]}")"
 RO_REPO_DIR=$(dirname ${RO_SCRIPT_DIR})
 RO_VERSIONS=${RO_SCRIPT_DIR}/../versions.txt
 
-function usage() {
+function check_environment() {
     if [[ -z ${COREDNS_GIT_DIR+x} ]]; then
-        echo "COREDNS_GIT_DIR is not set" > /dev/stderr
-        echo "   Clone with 'git clone --bare --filter=blob:none --no-checkout https://github.com/coredns/coredns.git /tmp/coredns.git'" > /dev/stderr
-        echo "   Re-run with 'COREDNS_GIT_DIR=/tmp/coredns.git $0'" > /dev/stderr
+        echo "COREDNS_GIT_DIR is not set" >&2
+        echo "   Clone with 'git clone --bare --filter=blob:none --no-checkout https://github.com/coredns/coredns.git /tmp/coredns.git'" >&2
+        echo "   Re-run with 'COREDNS_GIT_DIR=/tmp/coredns.git $0'" >&2
         exit 1
     fi
 }
@@ -20,7 +20,7 @@ function usage() {
 function check_dependencies(){
     for cmd in yq jq git envsubst; do
         if ! command -v $cmd &> /dev/null; then
-            echo "$cmd could not be found" > /dev/stderr
+            echo "$cmd could not be found" >&2
             exit 1
         fi
     done
@@ -35,6 +35,7 @@ function create_rockcrafts(){
 
     rm -rf ${RO_VERSIONS}
     for rockcraft in $(find ${RO_REPO_DIR} -name 'rockcraft.yaml'); do
+        # output is piped through echo to work through yq confinement
         echo $(yq '.version' $rockcraft) >> ${RO_VERSIONS}
     done
     current_releases=( $(sort -V ${RO_VERSIONS}) )
@@ -74,7 +75,7 @@ function create_rockcrafts(){
 
 
 function main() {
-    usage
+    check_environment
     check_dependencies
     create_rockcrafts
 }