Initial attempt at auto-merge workflow.

2026-02-09 05:00:10 +00:00 · 2025-05-25 16:10:49 -04:00
parent 23f4af6984
commit 290a400fdc
1 changed files with 116 additions and 0 deletions
--- a/.github/workflows/auto-merge.yml
+++ b/.github/workflows/auto-merge.yml
@@ -0,0 +1,116 @@
+name: Auto-Approve Renovate PRs
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - synchronize
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  auto-approve-renovate:
+    name: Auto-Approve Renovate PRs
+    runs-on: ubuntu-latest
+    steps:
+      - name: Validate PR Author
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
+          PR_BODY: ${{ github.event.pull_request.body }}
+          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
+        run: |
+          # Check if PR is from Renovate
+          if [[ "$PR_AUTHOR" != "renovate[bot]" ]]; then
+            echo "This PR is not from Renovate bot. Exiting workflow."
+            exit 1
+          fi
+
+          # Additional validation to ensure it's from Renovate
+          if [[ "$PR_BODY" != *"Renovate Bot"* ]] && [[ "$PR_BODY" != *"renovate[bot]"* ]]; then
+            echo "PR body does not contain Renovate Bot signature. Exiting workflow."
+            exit 1
+          fi
+
+          echo "Validated that this is a Renovate PR"
+
+      - name: Get all labels on the PR
+        id: get-labels
+        run: |
+          labels=$(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+            -H "Accept: application/vnd.github+json" \
+            "${{ github.event.pull_request.issue_url }}/labels" | jq -r '.[].name')
+          echo "Labels on PR: $labels"
+          echo "labels=$labels" >> $GITHUB_OUTPUT
+
+      - name: Check if PR has 'auto-merge' label
+        if: ${{ !contains(steps.get-labels.outputs.labels, 'auto-merge') }}
+        run: |
+          echo "This PR does not have the 'auto-merge' label. Exiting workflow."
+          exit 1
+
+          echo "Validated that this PR has the 'auto-merge' label"
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Validate changed files
+        env:
+          BASE_SHA: ${{ github.event.pull_request.base.sha }}
+        run: |
+          # Get list of changed files
+          CHANGED_FILES=$(git diff --name-only $BASE_SHA HEAD)
+
+          # Define allowed files
+          allowed_patterns=(
+          '^package\.json$' # Root package.json
+          '^.*\/package\.json$' # Any package.json in subdirectories
+          '^package-lock\.json$' # Root package-lock.json
+          )
+
+          fail=0
+          for file in $CHANGED_FILES; do
+            match=0
+            for pattern in "${allowed_patterns[@]}"; do
+              if [[ "$file" =~ $pattern ]]; then
+                match=1
+                break
+              fi
+            done
+          
+            if [[ "$match" -eq 0 ]]; then
+              echo "Invalid file changed: $file"
+              fail=1
+            fi
+          done
+          
+          if [[ "$fail" -eq 1 ]]; then
+            echo "Workflow failed due to disallowed file changes"
+            exit 1
+          else
+            echo "All changed files match allowed regex patterns"
+          fi
+
+      - name: Setup GitHub CLI
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh auth setup-git
+          gh auth status
+
+      - name: Approve and Auto-merge PR
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: |
+          # Approve the PR
+          gh pr review $PR_NUMBER --approve
+
+          # Enable auto-merge
+          gh pr merge $PR_NUMBER --auto --merge
+
+          echo "PR approved and auto-merge enabled"