Merge pull request #2846 from internetee/auto_merge

Automated pull request merging

Author: vohmar

.github/dependabot.yml

@@ -0,0 +1,12 @@
+version: 2
+updates:
+  - package-ecosystem: "bundler"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    allow:
+      - dependency-type: "direct"
+    open-pull-requests-limit: 10
+    

.github/workflows/auto-merge.yml

@@ -0,0 +1,85 @@
+name: Auto approve & merge Dependabot and Renovate PRs
+
+on:
+  pull_request:
+    types: [opened, edited, synchronize, reopened, labeled]
+    branches: [master]
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  auto-approve-merge:
+    runs-on: ubuntu-latest
+    if: (github.actor == 'dependabot[bot]' || github.actor == 'renovate[bot]') && github.repository == 'internetee/registry'
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+
+      - name: Install GitHub CLI
+        run: |
+          curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg
+          echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null
+          sudo apt update
+          sudo apt install gh
+
+      - name: Auto approve PR
+        uses: hmarr/auto-approve-action@v3
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Fetch Dependabot metadata
+        if: github.actor == 'dependabot[bot]'
+        id: metadata
+        uses: dependabot/fetch-metadata@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Check if PR should be auto-merged
+        id: check_auto_merge
+        run: |
+          if [ "${{ github.actor }}" == "dependabot[bot]" ]; then
+            if [[ "${{ steps.metadata.outputs.update-type }}" == "version-update:semver-patch" ]]; then
+              echo "auto_merge=true" >> $GITHUB_OUTPUT
+              echo "Auto-merge: Dependabot patch update detected"
+            else
+              echo "auto_merge=false" >> $GITHUB_OUTPUT
+              echo "Auto-merge: Dependabot non-patch update, skipping"
+            fi
+          elif [ "${{ github.actor }}" == "renovate[bot]" ]; then
+            # Check if PR has patch label (set by renovate.json configuration)
+            # Extract label names from the labels array
+            LABEL_NAMES=$(echo '${{ toJson(github.event.pull_request.labels) }}' | jq -r '.[].name' | tr '\n' ' ')
+            if [[ "$LABEL_NAMES" == *"patch"* ]] || [[ "$LABEL_NAMES" == *"bundler"* ]] || [[ "$LABEL_NAMES" == *"ruby-version"* ]] || [[ "$LABEL_NAMES" == *"github-actions"* ]]; then
+              echo "auto_merge=true" >> $GITHUB_OUTPUT
+              echo "Auto-merge: Renovate patch update detected (label-based): $LABEL_NAMES"
+            else
+              echo "auto_merge=false" >> $GITHUB_OUTPUT
+              echo "Auto-merge: Renovate non-patch update, skipping. Labels: $LABEL_NAMES"
+            fi
+          else
+            echo "auto_merge=false" >> $GITHUB_OUTPUT
+            echo "Auto-merge: Unknown actor, skipping"
+          fi
+        shell: bash
+
+      - name: Wait for CI checks
+        if: steps.check_auto_merge.outputs.auto_merge == 'true'
+        uses: lewagon/[email protected]
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          wait-interval: 30
+
+      - name: Auto-merge PR
+        if: steps.check_auto_merge.outputs.auto_merge == 'true'
+        run: |
+          echo "Attempting to auto-merge PR #${{ github.event.pull_request.number }}"
+          gh pr merge --auto --merge ${{ github.event.pull_request.number }} || {
+            echo "Auto-merge failed, but continuing..."
+            exit 0
+          }
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          

.github/workflows/ruby.yml

@@ -1,5 +1,5 @@
 name: Github Testing
-on: [push]
+on: [push, pull_request]
 
 jobs:
   test:

renovate.json

@@ -4,18 +4,57 @@
   ],
   "packageRules": [
     {
-      "matchUpdateTypes": ["minor", "patch", "pin", "digest"],
+      "matchUpdateTypes": ["patch", "pin", "digest"],
+      "automerge": true,
+      "automergeType": "pr",
+      "addLabels": ["patch", "dependencies"],
+      "requiredStatusChecks": null
+    },
+    {
+      "matchUpdateTypes": ["minor"],
       "automerge": false,
-      "automergeType": "pr"
+      "addLabels": ["minor"]
+    },
+    {
+      "matchUpdateTypes": ["major"],
+      "automerge": false,
+      "addLabels": ["major"]
+    },
+    {
+      "matchDepTypes": ["ruby", "bundler", "Gemfile", "Gemfile.lock"],
+      "matchUpdateTypes": ["patch"],
+      "addLabels": ["bundler", "dependencies"],
+      "automerge": true,
+      "automergeType": "pr",
+      "requiredStatusChecks": null
     },
     {
       "matchDepTypes": ["ruby", "bundler", "Gemfile", "Gemfile.lock"],
-      "addLabels": ["bundler"]
+      "matchUpdateTypes": ["minor", "major"],
+      "addLabels": ["bundler"],
+      "automerge": false
     },
     {
       "matchDepTypes": [".ruby-version"],
+      "matchUpdateTypes": ["patch"],
+      "addLabels": ["ruby-version", "dependencies"],
+      "automerge": true,
+      "automergeType": "pr",
+      "requiredStatusChecks": null
+    },
+    {
+      "matchDepTypes": [".ruby-version"],
+      "matchUpdateTypes": ["minor", "major"],
       "addLabels": ["ruby-version"],
       "automerge": false
+    },
+    {
+      "matchFileNames": [".github/workflows/ruby.yml"],
+      "matchUpdateTypes": ["patch", "minor"],
+      "addLabels": ["github-actions", "dependencies"],
+      "automerge": true,
+      "automergeType": "pr",
+      "requiredStatusChecks": null
     }
   ],
   "docker": {