diff --git a/.github/workflows/dependabot_bundler.yml b/.github/workflows/dependabot_bundler.yml
new file mode 100644
index 00000000..4d42dcee
--- /dev/null
+++ b/.github/workflows/dependabot_bundler.yml
@@ -0,0 +1,40 @@
+name: bundlebot
+
+on:
+ workflow_dispatch: {}
+ schedule:
+ - cron: 0 0 * * 1 # every Monday at 00:00
+
+jobs:
+ bundler:
+ runs-on: ubuntu-latest
+ permissions:
+ pull-requests: write
+ contents: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Setup Go
+ uses: actions/setup-go@v3
+ with:
+ go-version-file: '${{ github.workspace }}/go.mod'
+ - name: Cache go-build and mod
+ uses: actions/cache@v2
+ with:
+ path: |
+ ~/.cache/go-build/
+ ~/go/pkg/mod/
+ key: go-${{ hashFiles('go.sum') }}
+ restore-keys: |
+ go-
+ - name: Install Dependabot Bundler
+ run: |
+ go install github.com/Skarlso/dependabot-bundler@v0.0.15
+ - name: Run Dependabot Bundler
+ run: |
+ dependabot-bundler \
+ --token ${{ secrets.GITHUB_TOKEN }} \
+ --owner weaveworks-liquidmetal \
+ --repo flintlock \
+ --labels 'area/dependency,kind/cleanup,user-signing-required' \
+ --pr-title 'chore(deps): Bundle dependabot pull requests'
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 9d520847..a56e8cf0 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -53,6 +53,7 @@ and run: mdtoc -inplace CONTRIBUTING.md
 - [How the Maintainers process contributions](#how-the-maintainers-process-contributions)
 - [Prioritizing issues](#prioritizing-issues)
 - [Reviewing PRs](#reviewing-prs)
+ - [Dependabot Bundler](#dependabot-bundler)
 - [ADRs (Architectural Decision Records)](#adrs-architectural-decision-records)
 - [Process](#process)
 - [:rocket: :tada: Thanks for reading! :tada: :rocket:](#rocket-tada-thanks-for-reading-tada-rocket)
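Review bot: The `Run Dependabot Bundler` step expands `${{ secrets.GITHUB_TOKEN }}` directly into the shell script, so a token carrying `contents: write` and `pull-requests: write` is spliced unquoted into the command line of a third-party binary. Passing it through the step environment keeps the value out of the rendered script and lets the shell quote it: add `env:` with `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` to that step and change the flag to `--token "$GITHUB_TOKEN" \`. The same job resolves `actions/checkout@v2`, `actions/setup-go@v3` and `actions/cache@v2` by mutable tag; because every step runs inside a job that holds write permissions, pinning each `uses:` to a full commit SHA (with the tag kept as a trailing comment) would stop a moved tag from changing what executes here. It would also help to add a comment above `permissions:` stating why both write scopes are needed, so a later reviewer can tell whether either can be dropped.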
@@ -542,6 +543,13 @@ while lower priority or nice-to-have things may take a little longer to get appr To help facilitate a smoother and faster review, follow the guidelines [above](#pr-submission-guidelines). Submissions which do not meet standards will be de-prioritised for review. +## Dependabot Bundler + +There is an action that will periodically bundle dependabot pull requests into a single +pull request. This PR is not signed and has the label `user-signing-required`. This must be +done by a maintainer of the repository. Check out the PR and push an amending commit into +the existing branch. Then, the PR can be merged. + # ADRs (Architectural Decision Records) Any impactful decisions to the architecture, design, development and behaviour