Fix auto-merge workflow #1398
Updated the auto-merge workflow to enhance eligibility checks and streamline approval processes for specific bots.
📝 Walkthrough
The auto-merge GitHub Actions workflow is changed to run on
Changes
Sequence Diagram(s)
```mermaid
sequenceDiagram
    participant PR as PR (pull_request_target)
    participant Workflow as GitHub Actions Workflow
    participant GHMeta as GitHub API (metadata)
    participant App as GitHub App (token)
    participant Actions as Approval / Auto-merge
    PR->>Workflow: trigger on PR events
    Workflow->>GHMeta: fetch PR & Dependabot metadata (uses github.token)
    GHMeta-->>Workflow: returns author/update-type
    Workflow->>Workflow: evaluate eligibility (bot check, dependabot update-type)
    alt eligible
        Workflow->>App: generate GitHub App token (app auth)
        App-->>Workflow: app_token
        Workflow->>Actions: approve PR (use app_token)
        Actions-->>Workflow: approval result
        Workflow->>Actions: enable auto-merge
        Actions-->>Workflow: enabled
    else not eligible
        Workflow-->>PR: skip approval/auto-merge
    end
```
Estimated code review effort: 🎯 4 (Complex) | ⏱️ ~45 minutes
Pull request overview
Updates the GitHub Actions auto-merge workflow to run in a safer pull_request_target context and to centralize eligibility logic for bot-authored PRs before auto-approving and enabling auto-merge.
Changes:
- Switch workflow trigger from `pull_request` to `pull_request_target` with selected PR event types.
- Add an explicit eligibility step to decide whether the PR should be approved/auto-merged (app bot always; Dependabot patch updates only).
- Gate GitHub App token generation and subsequent `gh` approval/auto-merge steps behind the eligibility result.
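A workflow with the shape this overview describes, as an added sketch that is not the repository's actual `auto-merge.yml`. The app bot login `my-app[bot]`, the secret names `APP_ID` and `APP_PRIVATE_KEY`, and the squash merge method are assumptions.

```yaml
# Added illustration; not the repository's auto-merge.yml.
name: Auto-merge
on:
  pull_request_target:
    types: [opened, reopened, synchronize, ready_for_review]
permissions:
  contents: read
  pull-requests: read
jobs:
  auto-merge:
    runs-on: ubuntu-latest
    steps:
      # No actions/checkout: under pull_request_target the job holds base-repo
      # secrets, so PR-head code is never fetched or executed here.
      - name: Fetch Dependabot metadata
        id: meta
        if: github.event.pull_request.user.login == 'dependabot[bot]'
        uses: dependabot/fetch-metadata@v2
        with:
          github-token: ${{ github.token }}
      - name: Decide eligibility
        id: gate
        env:   # event data reaches the script as env vars, never inline
          AUTHOR: ${{ github.event.pull_request.user.login }}
          UPDATE_TYPE: ${{ steps.meta.outputs.update-type }}
        run: |
          eligible=false
          # 'my-app[bot]' is a placeholder for the project's own app bot login.
          if [ "$AUTHOR" = "my-app[bot]" ]; then eligible=true; fi
          if [ "$AUTHOR" = "dependabot[bot]" ] && \
             [ "$UPDATE_TYPE" = "version-update:semver-patch" ]; then eligible=true; fi
          echo "eligible=$eligible" >> "$GITHUB_OUTPUT"
      - name: Generate GitHub App token
        id: app
        if: steps.gate.outputs.eligible == 'true'
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.APP_ID }}                # assumed secret name
          private-key: ${{ secrets.APP_PRIVATE_KEY }}  # assumed secret name
      - name: Approve and enable auto-merge
        if: steps.gate.outputs.eligible == 'true'
        env:
          GH_TOKEN: ${{ steps.app.outputs.token }}
          PR_URL: ${{ github.event.pull_request.html_url }}
        run: |
          gh pr review --approve "$PR_URL"
          gh pr merge --auto --squash "$PR_URL"
```

The default token stays read-only throughout; only the App token, minted after the gate passes, can approve or merge.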
🧹 Nitpick comments (2)
.github/workflows/auto-merge.yml (2)
14-17: Add concurrency control for repeated PR events.
`opened`/`synchronize` can produce overlapping runs on the same PR. A concurrency group avoids redundant approvals/merge attempts and reduces noisy failures.
Suggested reliability diff
jobs: auto-merge: name: Approve and enable auto-merge runs-on: ubuntu-latest + concurrency: + group: auto-merge-pr-${{ github.event.pull_request.number }} + cancel-in-progress: true🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/auto-merge.yml around lines 14 - 17, The auto-merge workflow job "auto-merge" can run overlapping builds for the same PR; add a GitHub Actions concurrency stanza to the workflow (at the job or workflow root) that sets a group based on the pull request identifier (e.g., using github.event.pull_request.number or github.ref) and enable cancel-in-progress: true so concurrent runs for the same PR are serialized/canceled; update the "auto-merge" job definition to include this concurrency group to prevent redundant approvals/merge attempts.
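Review bot: `cancel-in-progress: true` in the added `concurrency` block lets a new `synchronize` run cancel the previous one partway through the "Approve and enable auto-merge" job, for example after the approval but before auto-merge is enabled. That is acceptable only if the replacement run always reaches both steps again; if that is not guaranteed, set `cancel-in-progress: false` so an in-flight run for the same PR finishes first.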
3-9: Scope auto-merge to intended base branches explicitly.
Line 3 and Lines 22-29 don’t currently constrain `base.ref`, so this can run for bot PRs targeting any branch. If this is intended only for `develop`, add an explicit branch guard.
Suggested hardening diff
on: pull_request_target: + branches: + - develop types: - opened - reopened - synchronize - ready_for_reviewAlso applies to: 22-29
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/auto-merge.yml around lines 3 - 9, The workflow trigger is not scoped to a target branch so auto-merge can run for PRs to any branch; add an explicit branch guard by adding a branches filter under on.pull_request_target (e.g. branches: ['develop']) and also add runtime guards where the job/step references github.event.pull_request.base.ref (use if: github.event.pull_request.base.ref == 'develop') so the auto-merge logic only runs for PRs targeting develop; update both the top-level trigger and the other place that checks base.ref (the auto-merge job/steps) to include these checks.
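Review bot: the `branches:` filter is added only at the `pull_request_target` trigger, and `develop` is stated conditionally ("If this is intended only for develop"), so confirm the intended base branch before applying. The comment also says the gap applies to lines 22-29; a job-level `if: github.event.pull_request.base.ref == 'develop'` there would keep the restriction in place if the trigger filter is later edited.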
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yml
Review profile: CHILL
Plan: Pro
Run ID: ad91d9c4-1368-40b3-85ca-fba35d6a546d
📒 Files selected for processing (1)
.github/workflows/auto-merge.yml
Co-authored-by: Copilot Autofix powered by AI <[email protected]>