Fix Dependabot auto-merge workflow to retry on approvals and CI completions

[Copilot]

The workflow only triggered on pull_request, attempting to enable auto-merge before branch protection requirements were met. It never retried after approvals or CI checks completed.

Changes

Event triggers

• Added pull_request_review to retry after approvals
• Added check_suite (completed) to retry after CI checks

Filtering for check_suite events

• Job condition: verify PR exists and branch starts with dependabot/
• Step validation: fetch PR details via gh pr view, confirm author is dependabot[bot] and base is main
• Validate PR number is numeric before use

Error handling

if ! gh pr merge --auto --merge "$PR_NUMBER" 2>&1 | tee /tmp/output.txt; then
  if grep -qE "auto-merge is already enabled|not authorized|Required.*status.*check|Required.*approv" /tmp/output.txt; then
    exit 0  # Expected when requirements not yet met
  else
    exit 1  # Unexpected error
  fi
fi

Gracefully handles:

• Auto-merge already enabled
• Branch protection requirements not satisfied (approval, checks)
• Only fails on unexpected errors

Result

Auto-merge enables automatically once all branch protection requirements are met, regardless of when they complete.

Original prompt

Problem

The Dependabot auto-merge workflow is failing to enable auto-merge on PRs. Based on the workflow run at https://github.com/Framework-R-D/phlex/actions/runs/22060327554/job/63738674115?pr=326, the workflow attempted to enable auto-merge when the PR was first opened, but this failed (likely due to lack of approval required by branch protection rules).

The current workflow only runs on the pull_request event, which triggers when the PR is opened. It does not retry when an approval is added, so even after the PR is approved, auto-merge is never enabled.

Solution Required

Update the .github/workflows/dependabot-auto-merge.yml workflow to:

1. Trigger on additional events that indicate the PR might now be ready to merge:

   • pull_request_review - when a review (including approval) is submitted
   • check_suite completion or status updates - when CI checks complete

2. Handle the case where auto-merge is already enabled - the workflow should not fail if auto-merge is already enabled

3. Keep the existing restrictions:

   • Only run for Dependabot PRs
   • Only run for PRs targeting the main branch

Current Workflow

The current workflow at .github/workflows/dependabot-auto-merge.yml looks like this:

name: Dependabot auto-merge
on: pull_request

permissions:
  contents: write
  pull-requests: write

jobs:
  dependabot:
    runs-on: ubuntu-latest
    if: |
      github.event.pull_request.user.login == 'dependabot[bot]' &&
      github.event.pull_request.base.ref == 'main'
    steps:
      - name: Dependabot metadata
        id: metadata
        uses: dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"
      
      - name: Enable auto-merge for Dependabot PRs
        run: gh pr merge --auto --merge "$PR_URL"
        env:
          PR_URL: ${{github.event.pull_request.html_url}}
          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}

Expected Behavior

After the fix:

• When a Dependabot PR is opened, the workflow attempts to enable auto-merge (may fail due to missing approval)
• When the PR is approved, the workflow runs again and successfully enables auto-merge
• When all branch protection requirements are met (approvals + successful checks), the PR automatically merges

Additional Context

• PR Bump github/codeql-action from 4.32.2 to 4.32.3 #326 is the example where this failed: Bump github/codeql-action from 4.32.2 to 4.32.3 #326
• The workflow run that failed: https://github.com/Framework-R-D/phlex/actions/runs/22060327554/job/63738674115?pr=326
• The repository has branch protection rules requiring approval before merge

This pull request was created from Copilot chat.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[greenc-FNAL]

@phlexbot format

[github-actions]

No automatic markdownlint fixes were necessary.

[github-actions]

Automatic cmake-format fixes pushed (commit 5b66f2a).
⚠️ Note: Some issues may require manual review and fixing.

[github-actions]

No automatic jsonnetfmt fixes were necessary.

[github-actions]

No automatic clang-format fixes were necessary.

[Copilot]

Pull request overview

This PR fixes the Dependabot auto-merge workflow to retry enabling auto-merge when branch protection requirements are satisfied. The workflow previously only triggered on pull_request events and failed when requirements (approvals, CI checks) weren't yet met. It also includes minor CMake formatting improvements.

Changes:

• Added pull_request_review and check_suite event triggers to retry after approvals and CI completions
• Implemented robust error handling to gracefully handle expected failures when requirements aren't met
• Added PR details validation for check_suite events to ensure proper Dependabot PR identification
• Applied gersemi CMake formatting to consolidate multi-line REGEX REPLACE commands

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File	Description
.github/workflows/dependabot-auto-merge.yaml	Added retry triggers (pull_request_review, check_suite), PR validation for check_suite events, and error handling for expected failure cases
Modules/private/CreateCoverageTargets.cmake	Formatting: consolidated multi-line REGEX REPLACE to single line (lines 267-268, 445-446)
Modules/Findjsonnet.cmake	Formatting: consolidated multi-line REGEX REPLACE to single line (lines 10-11, 53-54)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

@@            Coverage Diff             @@
##             main     #327      +/-   ##
==========================================
+ Coverage   80.20%   80.23%   +0.03%     
==========================================
  Files         127      127              
  Lines        3102     3102              
  Branches      547      547              
==========================================
+ Hits         2488     2489       +1     
  Misses        386      386              
+ Partials      228      227       -1     

Flag	Coverage Δ
unittests	80.23% <ø> (+0.03%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.
see 1 file with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c2b7fd8...cb2bcd7. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.