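name: Auto-Approve and Merge

# Approves a pull request and enables auto-merge once the awaited check
# reports success. No human approval is required: the check named in the
# "Wait for checks to complete" step is the only gate, so this workflow is
# exactly as strong as that check and the trust list on the job below.

on:
  pull_request:
    types: [opened, synchronize, reopened, labeled]
  # NOTE(review): check_suite and workflow_run payloads carry no top-level
  # pull_request object, so the steps below that read
  # github.event.pull_request.number have no PR to act on for these events.
  # Confirm these two triggers are still wanted.
  check_suite:
    types: [completed]
  workflow_run:
    workflows: ["CI", "Auto Deploy"]
    types: [completed]

# Write scopes are what approval, merge and commenting need; every step that
# receives secrets.GITHUB_TOKEN below inherits them.
permissions:
  contents: write
  pull-requests: write

jobs:
  auto-merge:
    runs-on: ubuntu-latest

    # Trusted actors - auto-merge their PRs.
    # github.actor is the account that triggered this run (pusher, labeler,
    # re-opener), which is not necessarily the PR author; checking
    # github.event.pull_request.user.login as well would bind the decision to
    # the author. The label clause admits a PR from any author once it carries
    # 'auto-merge', so the right to apply labels is part of the trust boundary.
    if: >-
      github.actor == 'blackboxprogramming' ||
      github.actor == 'codex-bot' ||
      github.actor == 'dependabot[bot]' ||
      github.actor == 'github-actions[bot]' ||
      github.actor == 'claude-code[bot]' ||
      contains(github.event.pull_request.labels.*.name, 'auto-merge')

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # The third-party actions in this job are referenced by version tag and
      # handed the job token. A tag can be re-pointed by its publisher;
      # pinning each `uses:` to a full commit SHA removes that dependency.
      - name: Wait for checks to complete
        uses: fountainhead/action-wait-for-check@v1.2.0
        id: wait-for-checks
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          checkName: detect-and-deploy
          ref: ${{ github.event.pull_request.head.sha || github.sha }}
          timeoutSeconds: 600
          intervalSeconds: 15
        # Lets the later steps run even if this step itself errors, so the
        # failure comment can still be posted.
        continue-on-error: true

      # Fail closed: approve only on an explicit 'success' conclusion. A wait
      # step that errored must not count as a pass, otherwise the PR is
      # approved without the check ever having succeeded.
      - name: Auto-approve PR
        if: steps.wait-for-checks.outputs.conclusion == 'success'
        uses: hmarr/auto-approve-action@v4
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

      # Same gate as the approval step: both must agree on what "passed" means.
      - name: Enable auto-merge
        if: steps.wait-for-checks.outputs.conclusion == 'success'
        run: gh pr merge --auto --squash "${{ github.event.pull_request.number }}"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Comment on failure
        if: steps.wait-for-checks.outputs.conclusion == 'failure'
        uses: actions/github-script@v7
        with:
          # Awaited so a rejected API call fails the step instead of being
          # dropped as an unhandled promise.
          script: |
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.payload.pull_request.number,
              body: '⚠️ **Checks failed** - Review required before merge.'
            });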