67 lines (63 loc) · 2.77 KB
auto-merge.yml
# Auto-merge — native GitHub auto-merge via GITHUB_TOKEN. No custom App, no
# AUTOMERGE_* secrets, no reusable workflow. The 2026 pattern.
#
# Synced from github-settings-automation/templates/auto-merge.yml by the
# weekly enforce-repo-settings sweep. Do not hand-edit per-repo.
#
# Tier separation (this file vs. github-settings-automation/pr-heal.yml):
#
#   - THIS FILE (per-repo, event-driven):
#       Fires immediately on PR open/sync/review-submit. Handles BOT and
#       AI-AGENT PRs that should auto-merge with no human latency, plus
#       CodeRabbit-approved manual PRs.
#
#   - pr-heal.yml Job 0 (central cron, 15-min sweep):
#       Handles OWNER-authored PRs (incl. agents acting via gh CLI auth as
#       ANcpLua) with a 5-min cooldown so reviewer tiers (CodeRabbit, Codex,
#       Claude PR review) land their advisory comments before merge-on-green
#       fires. See PR#170 incident (2026-05-18) for the precedent: owner PR
#       merged before CodeRabbit could submit its 5 actionable comments.
#
# The owner-clause that USED to live in this file's `if:` was removed in
# the same change. Routing owner PRs through the cron tier gives them the
# cooldown they need without blocking the bot tier.
#
# Renovate bot PRs do not need this workflow: Renovate enables native
# auto-merge itself via `platformAutomerge: true` in the shared preset
# (github>ANcpLua/renovate-config).
#
# Prereqs (one-time per repo): Settings → General → "Allow auto-merge"
# enabled. Branch protection on `main` lists the required status checks;
# native auto-merge waits for them. enforce-repo-settings.yml flips
# allow_auto_merge automatically across the fleet.
#
# Background: the AUTOMERGE_APP_ID GitHub App was deleted on 2026-05-12
# as an antipattern (single point of failure across N repos, maintenance
# overhead, and Renovate's platformAutomerge already does the bot tier
# natively without it).
name: Auto-merge
on:
  pull_request_target:
    types: [opened, synchronize, reopened, ready_for_review]
  pull_request_review:
    types: [submitted]
permissions:
  contents: write
  pull-requests: write
jobs:
  enable-auto-merge:
    runs-on: ubuntu-latest
    if: |
      github.event.pull_request.draft == false && (
        startsWith(github.event.pull_request.head.ref, 'claude/') ||
        startsWith(github.event.pull_request.head.ref, 'copilot/') ||
        startsWith(github.event.pull_request.head.ref, 'jules/') ||
        (github.event_name == 'pull_request_review'
          && github.event.review.state == 'approved'
          && github.event.review.user.login == 'coderabbitai[bot]')
      )
    steps:
      - name: Enable native auto-merge (squash)
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: gh pr merge ${{ github.event.pull_request.number }} --auto --squash --repo ${{ github.repository }}
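
The job-level `if:` above, modelled in Python as an added example (not part of this repository's workflow) and evaluated on constructed event payloads. It shows two properties of the expression as written: Actions string comparisons ignore case, and the branch-prefix clauses match on the head branch name alone. The `gate_same_repo` variant, the helper names and `example-org/example-repo` are assumptions introduced for comparison.

```python
# Added example, not part of auto-merge.yml. Payloads below are constructed.
AGENT_PREFIXES = ("claude/", "copilot/", "jules/")
REVIEW_BOT = "coderabbitai[bot]"
BASE = "example-org/example-repo"  # hypothetical base repository

def ci(value):
    # Actions expressions ignore case in == and startsWith().
    return (value or "").lower()

def agent_branch(event):
    return ci(event["pull_request"]["head"]["ref"]).startswith(AGENT_PREFIXES)

def bot_approved(event_name, event):
    review = event.get("review") or {}
    return (event_name == "pull_request_review"
            and ci(review.get("state")) == "approved"
            and ci((review.get("user") or {}).get("login")) == REVIEW_BOT)

def same_repo(event):
    # head.repo is null once the source fork has been deleted.
    head_repo = event["pull_request"]["head"].get("repo") or {}
    return ci(head_repo.get("full_name")) == ci(event["repository"]["full_name"])

def gate(event_name, event):
    """The job-level `if:` as written in the workflow."""
    if event["pull_request"]["draft"]:
        return False
    return agent_branch(event) or bot_approved(event_name, event)

def gate_same_repo(event_name, event):
    """Hypothetical stricter variant: prefix clause also needs a same-repo head."""
    if event["pull_request"]["draft"]:
        return False
    return (agent_branch(event) and same_repo(event)) or bot_approved(event_name, event)

def make_event(ref, head_repo=BASE, draft=False, review=None):
    event = {"repository": {"full_name": BASE},
             "pull_request": {"draft": draft,
                              "head": {"ref": ref, "repo": {"full_name": head_repo}}}}
    if review:
        event["review"] = {"state": review[0], "user": {"login": review[1]}}
    return event

if __name__ == "__main__":
    cases = [("pull_request_target", make_event("claude/fix-typo")),
             ("pull_request_target", make_event("claude/fix-typo", "other-user/example-repo")),
             ("pull_request_review", make_event("feature/x", review=("approved", REVIEW_BOT)))]
    for name, ev in cases:
        print(name, ev["pull_request"]["head"]["ref"], gate(name, ev), gate_same_repo(name, ev))
```

In workflow terms the stricter variant corresponds to also comparing `github.event.pull_request.head.repo.full_name` with `github.repository` before the prefix clauses.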