chore: use github bot for approving PR

Author: sweatybridge

.github/dependabot.yml

@@ -6,10 +6,9 @@ updates:
       interval: "cron"
       cronjob: "0 0 * * *"
     groups:
-      action-minor:
-        update-types:
-          - minor
-          - patch
+      actions-major:
+        patterns:
+          - "*"
   - package-ecosystem: "gomod"
     directories:
       - "/"
@@ -28,10 +27,9 @@ updates:
       interval: "cron"
       cronjob: "0 0 * * *"
     groups:
-      npm-minor:
-        update-types:
-          - minor
-          - patch
+      npm-major:
+        patterns:
+          - "*"
   - package-ecosystem: "docker"
     directory: "pkg/config/templates"
     schedule:

.github/workflows/api-sync.yml

@@ -2,7 +2,8 @@ name: API Sync
 
 on:
   repository_dispatch:
-    types: [api-sync]
+    types:
+      - api-sync
   workflow_dispatch: # allow manual triggering
 
 # Add explicit permissions
@@ -57,12 +58,15 @@ jobs:
             Changes were detected in the generated API code after syncing with the latest spec from infrastructure.
           branch: sync/api-types
           base: develop
-          labels: |
-            automated pr
-            api-sync
+
+      - name: Approve a PR
+        if: steps.check.outputs.has_changes == 'true'
+        run: gh pr review --approve "${{ steps.cpr.outputs.pull-request-number }}"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Enable Pull Request Automerge
         if: steps.check.outputs.has_changes == 'true'
         run: gh pr merge --auto --squash "${{ steps.cpr.outputs.pull-request-number }}"
         env:
-          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/automerge.yml

@@ -22,24 +22,17 @@ jobs:
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
 
-      - name: Generate token
-        id: app-token
-        uses: actions/create-github-app-token@v2
-        with:
-          app-id: ${{ secrets.APP_ID }}
-          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
-
       # Here the PR gets approved.
       - name: Approve a PR
         if: ${{ steps.meta.outputs.update-type == 'version-update:semver-patch' || (!startsWith(steps.meta.outputs.previous-version, '0.') && steps.meta.outputs.update-type == 'version-update:semver-minor') }}
         run: gh pr review --approve "${{ github.event.pull_request.html_url }}"
         env:
-          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       # Finally, this sets the PR to allow auto-merging for patch and minor
       # updates if all checks pass
       - name: Enable auto-merge for Dependabot PRs
         if: ${{ steps.meta.outputs.update-type == 'version-update:semver-patch' || (!startsWith(steps.meta.outputs.previous-version, '0.') && steps.meta.outputs.update-type == 'version-update:semver-minor') }}
         run: gh pr merge --auto --squash "${{ github.event.pull_request.html_url }}"
         env:
-          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}