ci: auto-merge windows definition PRs reliably

2026-06-12 11:01:35 -07:00 · 2026-06-04 23:38:19 +02:00
parent 4be3e81aef
commit ade17cfd05
2 changed files with 46 additions and 7 deletions
@@ -49,7 +49,6 @@ jobs:
          if [ "$pr_title" != "$title" ] ||
             [ "$base_ref" != "master" ] ||
             [ "$head_ref" != "$branch" ] ||
-             [ "$author" != "app/github-actions" ] ||
             [ "$is_cross_repository" != "false" ] ||
             [ "$file_count" != "1" ] ||
             [ "$files" != "$expected_file" ]; then
@@ -58,6 +57,24 @@ jobs:
            exit 0
          fi

+          if [ "$author" != "app/github-actions" ] &&
+             [ "$author" != "github-actions" ] &&
+             [ "$author" != "github-actions[bot]" ]; then
+            echo "PR #$pr_number is from unexpected author $author; skipping."
+            echo "should_merge=false" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          for attempt in {1..12}; do
+            if [ "$merge_state" = "CLEAN" ] || [ "$merge_state" = "HAS_HOOKS" ]; then
+              break
+            fi
+
+            echo "PR #$pr_number mergeStateStatus=$merge_state; waiting for GitHub to finish evaluating mergeability ($attempt/12)."
+            sleep 10
+            merge_state="$(gh pr view "$pr_number" --json mergeStateStatus --jq .mergeStateStatus)"
+          done
+
          if [ "$merge_state" != "CLEAN" ] && [ "$merge_state" != "HAS_HOOKS" ]; then
            echo "Refusing to merge PR #$pr_number because mergeStateStatus=$merge_state"
            echo "should_merge=false" >> "$GITHUB_OUTPUT"
@@ -75,12 +92,22 @@ jobs:
          PR_NUMBER: ${{ steps.bot_pr.outputs.pr_number }}
          COMMIT_TITLE: ${{ steps.bot_pr.outputs.title }}
        run: |
-          gh api \
-            -X PUT \
-            -H "Accept: application/vnd.github+json" \
-            "/repos/${{ github.repository }}/pulls/${PR_NUMBER}/merge" \
-            -f merge_method=squash \
-            -f commit_title="$COMMIT_TITLE"
+          for attempt in {1..6}; do
+            if gh api \
+              -X PUT \
+              -H "Accept: application/vnd.github+json" \
+              "/repos/${{ github.repository }}/pulls/${PR_NUMBER}/merge" \
+              -f merge_method=squash \
+              -f commit_title="$COMMIT_TITLE"; then
+              exit 0
+            fi
+
+            echo "Merge attempt $attempt failed for PR #$PR_NUMBER; retrying."
+            sleep 10
+          done
+
+          echo "Failed to merge trusted windows definitions bot PR #$PR_NUMBER after retries."
+          exit 1

  chack_agent_triage:
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
@@ -68,4 +68,16 @@ jobs:
              --body "Automated update of \`build_lists/windows_version_exploits.json\`. The generated JSON passed \`build_lists/validate_windows_version_defs.py\` before this PR was updated."
          fi

+          pr_number="$(gh pr list --state open --head "$branch" --base master --json number --jq '.[0].number')"
+          if [ -z "$pr_number" ]; then
+            echo "Could not resolve the generated pull request after creating/updating it."
+            exit 1
+          fi
+
          gh workflow run PR-tests.yml --ref "$branch"
+
+          if gh pr merge "$pr_number" --squash --auto --subject "$title"; then
+            echo "Auto-merge enabled for PR #$pr_number."
+          else
+            echo "Could not enable GitHub auto-merge for PR #$pr_number; the PR-tests workflow_run merge job will still merge it after tests pass."
+          fi