action.yml

name: "Dependabot auto-merge 2.0"

description: "Approves and merges Dependabot PRs"

inputs:
  VAULT_URL:
    description: "Vault URL"
    required: true
runs:
  using: "composite"
  steps:
    - name: Retrieve Github Token
      id: vault
      uses: hashicorp/vault-action@v2.4.3
      with:
        url: ${{ inputs.VAULT_URL }}
        role: ${{ github.event.repository.name }}-github-action
        method: jwt
        path: github-actions
        exportEnv: false
        secrets: |
          github/token/${{ github.event.repository.name }}-dependabot token | GITHUB_MERGE_TOKEN ;
    - name: approve PR
      uses: actions/github-script@v6.3.3
      with:
        github-token: ${{ steps.vault.outputs.GITHUB_MERGE_TOKEN }}
        script: |
          const opts = github.rest.pulls.listReviews.endpoint.merge({
            pull_number: context.payload.pull_request.number,
            owner: context.payload.repository.owner.login,
            repo: context.payload.repository.name,
          });

          const reviews = await github.paginate(opts);

          const ourReview = reviews.find(
            (review) =>
              review.state === "APPROVED" && review.user && review.user.login === "contentful-automation[bot]"
          );

          if (ourReview) {
            console.log(
              `The user "${ourReview.user.login}" has already approved and requested this PR is merged, exiting`
            );
          } else {
            github.rest.pulls.createReview({
              owner: context.payload.repository.owner.login,
              repo: context.payload.repository.name,
              pull_number: context.payload.pull_request.number,
              event: 'APPROVE',
              body: ''
            })
          }
    - name: Get merge type
      id: merge-type
      uses: actions/github-script@v6.3.3
      with:
        github-token: ${{ steps.vault.outputs.GITHUB_MERGE_TOKEN }}
        script: |
          const repo = await github.rest.repos.get({
            owner: context.payload.repository.owner.login,
            repo: context.payload.repository.name,
          });

          const methods = new Map([
            ['squash', repo.data.allow_squash_merge],
            ['merge', repo.data.allow_merge_commit],
            ['rebase', repo.data.allow_rebase_merge],
          ]);

          console.log(methods)

          const allowedMethods = [...methods.entries()]
            .filter(([_, allowed]) => allowed)
            .map(([method]) => method);

          // just pick the first one
          const mergeMethod = allowedMethods[0];

          if (!mergeMethod) {
            throw new Error("No allowed merge method found");
          }

          return mergeMethod;
    - name: Enable auto merge
      shell: bash
      run: |
        merge_method="$(echo ${{ steps.merge-type.outputs.result }} | tr -d '"')"
        echo "Auto merging PR using method $merge_method"
        gh pr merge --delete-branch "--$merge_method" --auto ${{ github.event.pull_request.html_url }}
      env:
        # Note: The GH_TOKEN env var is required for now, even though it contradicts GH's documentation. If not present we
        # were seeing an error message like this one: https://github.com/github/docs/issues/21930#issuecomment-1310122605
        GH_TOKEN: ${{ github.token }}