From 0006182ead91607b2dae6e9e98dba78c62d5bbda Mon Sep 17 00:00:00 2001
From: burnettk <burnettk@users.noreply.github.com>
Date: Fri, 10 Jun 2022 17:42:19 -0400
Subject: [PATCH] auto-merge dependabot pull requests when tests pass

---
 .../workflows/auto-merge-dependabot-prs.yml   | 66 +++++++++++++++----
 .github/workflows/labeler.yml                 |  1 -
 .github/workflows/tests.yml                   | 13 ++++
 3 files changed, 68 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/auto-merge-dependabot-prs.yml b/.github/workflows/auto-merge-dependabot-prs.yml
index a13e4391..fafd9636 100644
--- a/.github/workflows/auto-merge-dependabot-prs.yml
+++ b/.github/workflows/auto-merge-dependabot-prs.yml
@@ -2,27 +2,71 @@ name: Dependabot auto-merge
 on:
   workflow_run:
     workflows: ["Tests"]
+    # completed does not mean success of Tests workflow. see below checking github.event.workflow_run.conclusion
     types:
       - completed
 
+# workflow_call is used to indicate that a workflow can be called by another workflow. When a workflow is triggered with the workflow_call event, the event payload in the called workflow is the same event payload from the calling workflow. For more information see, "Reusing workflows."
+
+# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
+# maybe hook into this instead of workflow_run:
+# on:
+#   pull_request:
+#   pull_request_target:
+#     types: [labeled]
+
 permissions:
   contents: write
 
 jobs:
+  # print the context for debugging in case a job gets skipped
+  printJob:
+    name: Print event
+    runs-on: ubuntu-latest
+    steps:
+    - name: Dump GitHub context
+      env:
+        GITHUB_CONTEXT: ${{ toJson(github) }}
+      run: |
+        echo "$GITHUB_CONTEXT"
+
   dependabot:
     runs-on: ubuntu-latest
-    if: ${{ github.actor == 'dependabot[bot]' && github.event.workflow_run.conclusion == 'success' && github.event_name == 'pull_request' }}
+    if: ${{ github.actor == 'dependabot[bot]' && github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success' }}
     steps:
-      - name: Dependabot metadata
-        id: metadata
-        uses: dependabot/fetch-metadata@v1.1.1
+      - name: Development Code
+        uses: actions/checkout@v3
+
+      ###### GET PR NUMBER
+      # we saved the pr_number in tests.yml. fetch it so we can merge the correct PR.
+      # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run
+      - name: 'Download artifact'
+        uses: actions/github-script@v6
         with:
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
-      - name: Enable auto-merge for Dependabot PRs
-        # if: ${{contains(steps.metadata.outputs.dependency-names, 'pytest') && steps.metadata.outputs.update-type == 'version-update:semver-patch'}}
-        # if: ${{contains(steps.metadata.outputs.dependency-names, 'pytest')}}
-        # ideally we auto-merge if all checks pass
-        run: gh pr merge --auto --merge "$PR_URL"
+          script: |
+            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              run_id: context.payload.workflow_run.id,
+            });
+            let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
+              return artifact.name == "pr_number"
+            })[0];
+            let download = await github.rest.actions.downloadArtifact({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              artifact_id: matchArtifact.id,
+              archive_format: 'zip',
+            });
+            let fs = require('fs');
+            fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/pr_number.zip`, Buffer.from(download.data));
+      - name: 'Unzip artifact'
+        run: unzip pr_number.zip
+      ###########
+
+      - name: print pr number
+        run: cat pr_number
+      - name: actually merge it
+        run: gh pr merge --auto --merge "$(cat pr_number)"
         env:
-          PR_URL: ${{github.event.pull_request.html_url}}
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index f39cfa6c..f1955376 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -4,7 +4,6 @@ on:
   push:
     branches:
       - main
-      - master
 
 jobs:
   labeler:
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 6d7b3a34..13d2f5aa 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -219,3 +219,16 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      # part about saving PR number and then using it from auto-merge-dependabot-prs from:
+      # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run
+      - name: Save PR number
+        if: ${{ github.event_name == 'pull_request' }}
+        env:
+          PR_NUMBER: ${{ github.event.number }}
+        run: |
+          mkdir -p ./pr
+          echo "$PR_NUMBER" > ./pr/pr_number
+      - uses: actions/upload-artifact@v3
+        with:
+          name: pr_number
+          path: pr/