From ea2193f1e99962358e332b1ef325d22e205a510b Mon Sep 17 00:00:00 2001
From: AtomicFS <vojtech.vesely@9elements.com>
Date: Fri, 15 Nov 2024 16:17:55 +0100
Subject: [PATCH] fix(ci/automerge): use PAT token

- GitHub does not allow ordinary GITHUB_TOKEN to trigger other
  workflows, probably to avoid endless recursion
- using PAT might fix this

Signed-off-by: AtomicFS <vojtech.vesely@9elements.com>
---
 .github/workflows/bot--automerge.yml | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/bot--automerge.yml b/.github/workflows/bot--automerge.yml
index 1baf9a56..8ea955e5 100644
--- a/.github/workflows/bot--automerge.yml
+++ b/.github/workflows/bot--automerge.yml
@@ -10,6 +10,7 @@ permissions: read-all
 
 jobs:
   # Enable auto-merge on all pull requests by default
+  # Docs: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request
   enable-auto-merge:
     runs-on: ubuntu-latest
     permissions:
@@ -21,12 +22,14 @@ jobs:
         uses: actions/checkout@v4
       - name: Enable pull request auto-merge
         run: |
-          gh pr merge --auto "${{ github.event.pull_request.number }}"
+          gh pr merge --auto "${PR_URL}"
         env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.GH_PAT_AUTOMERGE }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
 
   # If PR is made by dependabot, automatically approve the PR
   # Linting and all checks will still have to pass in order for the PR to be merged
+  # Docs: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#approve-a-pull-request
   auto-approve-dependabot:
     runs-on: ubuntu-latest
     permissions:
@@ -36,8 +39,9 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Auto approve dependabot pull requests
-        if: github.actor == 'dependabot[bot]'
+        if: ${{ github.actor == 'dependabot[bot]' }}
         run: |
-          gh pr review "${{ github.event.pull_request.number }}" --approve
+          gh pr review "${PR_URL}" --approve
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_URL: ${{ github.event.pull_request.html_url }}