|
| 1 | +# Auto-merge — native GitHub auto-merge via GITHUB_TOKEN. No custom App, no |
| 2 | +# AUTOMERGE_* secrets, no reusable workflow. The 2026 pattern. |
| 3 | +# |
| 4 | +# Synced from github-settings-automation/templates/auto-merge.yml by the |
| 5 | +# weekly enforce-repo-settings sweep. Do not hand-edit per-repo. |
| 6 | +# |
| 7 | +# Tier separation (this file vs. github-settings-automation/pr-heal.yml): |
| 8 | +# |
| 9 | +# - THIS FILE (per-repo, event-driven): |
| 10 | +# Fires immediately on PR open/sync/review-submit. Handles BOT and |
| 11 | +# AI-AGENT PRs that should auto-merge with no human latency, plus |
| 12 | +# CodeRabbit-approved manual PRs. |
| 13 | +# |
| 14 | +# - pr-heal.yml Job 0 (central cron, 15-min sweep): |
| 15 | +# Handles OWNER-authored PRs (incl. agents acting via gh CLI auth as |
| 16 | +# ANcpLua) with a 5-min cooldown so reviewer tiers (CodeRabbit, Codex, |
| 17 | +# Claude PR review) land their advisory comments before merge-on-green |
| 18 | +# fires. See PR#170 incident (2026-05-18) for the precedent: owner PR |
| 19 | +# merged before CodeRabbit could submit its 5 actionable comments. |
| 20 | +# |
| 21 | +# The owner-clause that USED to live in this file's `if:` was removed in |
| 22 | +# the same change. Routing owner PRs through the cron tier gives them the |
| 23 | +# cooldown they need without blocking the bot tier. |
| 24 | +# |
| 25 | +# Renovate bot PRs do not need this workflow: Renovate enables native |
| 26 | +# auto-merge itself via `platformAutomerge: true` in the shared preset |
| 27 | +# (github>ANcpLua/renovate-config). |
| 28 | +# |
| 29 | +# Prereqs (one-time per repo): Settings → General → "Allow auto-merge" |
| 30 | +# enabled. Branch protection on `main` lists the required status checks; |
| 31 | +# native auto-merge waits for them. enforce-repo-settings.yml flips |
| 32 | +# allow_auto_merge automatically across the fleet. |
| 33 | +# |
| 34 | +# Background: the AUTOMERGE_APP_ID GitHub App was deleted on 2026-05-12 |
| 35 | +# as an antipattern (single point of failure across N repos, maintenance |
| 36 | +# overhead, and Renovate's platformAutomerge already does the bot tier |
| 37 | +# natively without it). |
| 38 | + |
| 39 | +name: Auto-merge |
| 40 | + |
| 41 | +on: |
| 42 | + pull_request_target: |
| 43 | + types: [opened, synchronize, reopened, ready_for_review] |
| 44 | + pull_request_review: |
| 45 | + types: [submitted] |
| 46 | + |
| 47 | +permissions: |
| 48 | + contents: write |
| 49 | + pull-requests: write |
| 50 | + |
| 51 | +jobs: |
| 52 | + enable-auto-merge: |
| 53 | + runs-on: ubuntu-latest |
| 54 | + if: | |
| 55 | + github.event.pull_request.draft == false && ( |
| 56 | + startsWith(github.event.pull_request.head.ref, 'claude/') || |
| 57 | + startsWith(github.event.pull_request.head.ref, 'copilot/') || |
| 58 | + startsWith(github.event.pull_request.head.ref, 'jules/') || |
| 59 | + (github.event_name == 'pull_request_review' |
| 60 | + && github.event.review.state == 'approved' |
| 61 | + && github.event.review.user.login == 'coderabbitai[bot]') |
| 62 | + ) |
| 63 | + steps: |
| 64 | + - name: Enable native auto-merge (squash) |
| 65 | + env: |
| 66 | + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 67 | + run: gh pr merge ${{ github.event.pull_request.number }} --auto --squash --repo ${{ github.repository }} |
0 commit comments