deps: Update actions/checkout action to v7 #11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Auto-merge — native GitHub auto-merge via GITHUB_TOKEN. No custom App, no | |
| # AUTOMERGE_* secrets, no reusable workflow. The 2026 pattern. | |
| # | |
| # Synced from github-settings-automation/templates/auto-merge.yml by the | |
| # weekly enforce-repo-settings sweep. Do not hand-edit per-repo. | |
| # | |
| # Tier separation (this file vs. github-settings-automation/pr-heal.yml): | |
| # | |
| # - THIS FILE (per-repo, event-driven): | |
| # Fires immediately on PR open/sync/review-submit. Handles BOT and | |
| # AI-AGENT PRs that should auto-merge with no human latency, plus | |
| # CodeRabbit-approved manual PRs. | |
| # | |
| # - pr-heal.yml Job 0 (central cron, 15-min sweep): | |
| # Handles OWNER-authored PRs (incl. agents acting via gh CLI auth as | |
| # ANcpLua) with a 5-min cooldown so reviewer tiers (CodeRabbit, Codex, | |
| # Claude PR review) land their advisory comments before merge-on-green | |
| # fires. See PR#170 incident (2026-05-18) for the precedent: owner PR | |
| # merged before CodeRabbit could submit its 5 actionable comments. | |
| # | |
| # The owner-clause that USED to live in this file's `if:` was removed in | |
| # the same change. Routing owner PRs through the cron tier gives them the | |
| # cooldown they need without blocking the bot tier. | |
| # | |
| # Renovate bot PRs do not need this workflow: Renovate enables native | |
| # auto-merge itself via `platformAutomerge: true` in the shared preset | |
| # (github>ANcpLua/renovate-config). | |
| # | |
| # Prereqs (one-time per repo): Settings → General → "Allow auto-merge" | |
| # enabled. Branch protection on `main` lists the required status checks; | |
| # native auto-merge waits for them. enforce-repo-settings.yml flips | |
| # allow_auto_merge automatically across the fleet. | |
| # | |
| # Background: the AUTOMERGE_APP_ID GitHub App was deleted on 2026-05-12 | |
| # as an antipattern (single point of failure across N repos, maintenance | |
| # overhead, and Renovate's platformAutomerge already does the bot tier | |
| # natively without it). | |
| name: Auto-merge | |
| on: | |
| pull_request_target: | |
| types: [opened, synchronize, reopened, ready_for_review] | |
| pull_request_review: | |
| types: [submitted] | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| enable-auto-merge: | |
| runs-on: ubuntu-latest | |
| if: | | |
| github.event.pull_request.draft == false && ( | |
| startsWith(github.event.pull_request.head.ref, 'claude/') || | |
| startsWith(github.event.pull_request.head.ref, 'copilot/') || | |
| startsWith(github.event.pull_request.head.ref, 'jules/') || | |
| (github.event_name == 'pull_request_review' | |
| && github.event.review.state == 'approved' | |
| && github.event.review.user.login == 'coderabbitai[bot]') | |
| ) | |
| steps: | |
| - name: Enable native auto-merge (squash) | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: gh pr merge ${{ github.event.pull_request.number }} --auto --squash --repo ${{ github.repository }} |