diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml
new file mode 100644
index 00000000..cb702efb
--- /dev/null
+++ b/.github/workflows/dependencies.yml
@@ -0,0 +1,46 @@
+# this approach is indebted to this blog post from GitHub user hallettj:
+# https://sitr.us/2024/03/08/nix-npm-and-dependabot.html
+
+name: Update gomod2nix.toml upon Dependabot changes to Go dependencies
+
+on:
+  push:
+    branches:
+      - "dependabot/go_modules/*"
+
+jobs:
+  update_gomod2nix_toml_file:
+    name: Update gomod2nix.toml if Go dependencies have changed
+    runs-on: ubuntu-22.04
+    if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]'
+    permissions:
+      contents: write
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+      
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@v10
+      
+      - name: Use Magic Nix Cache
+        uses: DeterminateSystems/magic-nix-cache-action@v4
+      
+      - name: Update gomod2nix.toml (if go.mod has changed)
+        run: |
+          nix develop --command gomod2nix
+      
+      - name: Set up Git config
+        run: |
+          git config user.name "${GITHUB_ACTOR}"
+          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
+      
+      - name: Commit changes
+        run: |
+          git add .
+          if [[ $(git status -s) ]]; then
+            git commit -m "build(deps): update gomod2nix.toml [dependabot skip]" --no-verify
+            git push
+            echo "pushed an update to gomod2nix.toml"
+          else
+            echo "go dependencies have not changed"
+          fi