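---
# Auto-approves and enables auto-merge on pull requests from a fixed list of
# trusted actors (or PRs carrying the `auto-merge` label). No human approval
# is required: the `detect-and-deploy` check is the gatekeeper, so the
# approve/merge steps below run ONLY when that check concluded `success`.
name: Auto-Approve and Merge

on:  # yamllint disable-line rule:truthy
  pull_request:
    types: [opened, synchronize, reopened, labeled]
  # NOTE(review): check_suite and workflow_run events carry no
  # `github.event.pull_request` payload, so every step below that reads
  # `github.event.pull_request.*` would run with an empty value. The job is
  # therefore gated on `github.event_name == 'pull_request'`; these triggers
  # are kept for compatibility but do not start an approve/merge on their own.
  check_suite:
    types: [completed]
  workflow_run:
    workflows: ["CI", "Auto Deploy"]
    types: [completed]

# Both scopes are needed: `contents: write` for the squash merge,
# `pull-requests: write` for the review and the comment.
permissions:
  contents: write
  pull-requests: write

jobs:
  auto-merge:
    runs-on: ubuntu-latest
    # Trusted actors. `github.actor` is the account that triggered this event
    # (the pusher on `synchronize`, the labeler on `labeled`), not necessarily
    # the PR author. Anyone able to apply the `auto-merge` label also passes
    # this gate, so who may label in this repository is part of the trust
    # boundary of this workflow.
    if: |
      github.event_name == 'pull_request' && (
        github.actor == 'blackboxprogramming' ||
        github.actor == 'codex-bot' ||
        github.actor == 'dependabot[bot]' ||
        github.actor == 'github-actions[bot]' ||
        github.actor == 'claude-code[bot]' ||
        contains(github.event.pull_request.labels.*.name, 'auto-merge')
      )
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # Blocks until the `detect-and-deploy` check on the PR head reports a
      # conclusion (up to 600 s, polling every 15 s). `continue-on-error`
      # keeps the job alive when the action fails the step, so the steps
      # below can react to the check's conclusion instead of the job simply
      # dying. `outputs.conclusion` carries whatever the action reports.
      # NOTE(review): third-party actions here are pinned by tag; pinning to a
      # full commit SHA is the stronger supply-chain choice for a workflow
      # that holds write permissions.
      - name: Wait for checks to complete
        id: wait-for-checks
        uses: fountainhead/action-wait-for-check@v1.2.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          checkName: detect-and-deploy
          ref: ${{ github.event.pull_request.head.sha || github.sha }}
          timeoutSeconds: 600
          intervalSeconds: 15
        continue-on-error: true

      # Fail closed: approve only on an explicit `success` conclusion.
      # The previous condition also accepted `outcome == 'failure'` (the
      # continue-on-error path), which approved and merged PRs whose check
      # had failed or timed out and made the gatekeeper a no-op.
      - name: Auto-approve PR
        if: steps.wait-for-checks.outputs.conclusion == 'success'
        uses: hmarr/auto-approve-action@v4
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

      # Same gate as the approval; `--auto` lets GitHub complete the merge
      # once branch-protection requirements are met.
      - name: Enable auto-merge
        if: steps.wait-for-checks.outputs.conclusion == 'success'
        run: gh pr merge --auto --squash "${{ github.event.pull_request.number }}"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # Anything other than `success` (failed, timed out, cancelled, or no
      # conclusion at all) leaves the PR for a human and says so on the
      # thread, so a PR that was not auto-merged is never silently ignored.
      - name: Comment on failure
        if: steps.wait-for-checks.outputs.conclusion != 'success'
        uses: actions/github-script@v7
        with:
          script: |
            github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.payload.pull_request.number,
              body: '⚠️ **Checks failed** - Review required before merge.'
            });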