From 173d1ae388d3ac15c375f5e5a571b65fa31f7b68 Mon Sep 17 00:00:00 2001
From: Lexus Drumgold <unicornware@flexdevelopment.llc>
Date: Mon, 15 Aug 2022 22:25:41 -0400
Subject: [PATCH] ci(workflows): reimplement @dependabot auto approve and merge

Signed-off-by: Lexus Drumgold <unicornware@flexdevelopment.llc>
---
 .dictionary.txt                             |  2 +
 .github/dependabot-auto-merge.yml           |  9 ---
 .github/workflows/dependabot-auto-merge.yml | 26 --------
 .github/workflows/dependabot-auto.yml       | 74 +++++++++++++++++++++
 4 files changed, 76 insertions(+), 35 deletions(-)
 delete mode 100644 .github/dependabot-auto-merge.yml
 delete mode 100644 .github/workflows/dependabot-auto-merge.yml
 create mode 100644 .github/workflows/dependabot-auto.yml

diff --git a/.dictionary.txt b/.dictionary.txt
index 75998f3d..39651b30 100644
--- a/.dictionary.txt
+++ b/.dictionary.txt
@@ -21,12 +21,14 @@ esbenp
 fbca
 fpnv
 gpgsign
+hmarr
 iife
 lcov
 lintstagedrc
 micnncim
 mkdist
 nocheck
+noreply
 npmjs
 npmrc
 nums
diff --git a/.github/dependabot-auto-merge.yml b/.github/dependabot-auto-merge.yml
deleted file mode 100644
index 5f42fb03..00000000
--- a/.github/dependabot-auto-merge.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-# Dependabot Auto Merge Configuration
-#
-# References:
-#
-# - https://github.com/ahmadnassri/action-dependabot-auto-merge#match-properties
-
-- match:
-  dependency_type: all
-  update_type: all
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
deleted file mode 100644
index 0d58090e..00000000
--- a/.github/workflows/dependabot-auto-merge.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-# Dependabot Auto Merge
-#
-# Automatically approve pull requests, then squash and merge PR after all status
-# checks have passed.
-#
-# References:
-#
-# - https://github.com/ahmadnassri/action-dependabot-auto-merge
-# - https://github.com/ahmadnassri/action-dependabot-auto-merge/issues/60
-
----
-name: dependabot-auto-merge
-on: pull_request_target
-jobs:
-  auto:
-    name: Auto approve pull request, then squash and merge
-    if: github.actor == 'dependabot[bot]'
-    runs-on: ubuntu-latest
-    steps:
-      - id: approve-squash-merge
-        uses: ahmadnassri/action-dependabot-auto-merge@v2.6.0
-        with:
-          approve: true
-          command: squash and merge
-          config: .github/dependabot-auto-merge.yml
-          github-token: ${{ secrets.PAT_REPO_ADMIN }}
diff --git a/.github/workflows/dependabot-auto.yml b/.github/workflows/dependabot-auto.yml
new file mode 100644
index 00000000..8cc3c9be
--- /dev/null
+++ b/.github/workflows/dependabot-auto.yml
@@ -0,0 +1,74 @@
+# Dependabot Auto
+#
+# Automatically approve Dependabot pull requests and enable auto-merge.
+#
+# Note: @dependabot generates Yarn v1 lockfiles despite this project using a different Yarn version.
+# This breaks the project lockfile. A workaround has been implemented to autofix lockfiles and
+# deduplicate dependencies. See https://github.com/dependabot/dependabot-core/issues/1297 to check
+# if the workaround is safe to remove.
+#
+# References:
+#
+# - https://cli.github.com/manual/gh_pr_merge
+# - https://cli.github.com/manual/gh_pr_review
+# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#pull_request
+# - https://docs.github.com/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
+# - https://github.com/actions/checkout
+# - https://github.com/actions/setup-node
+# - https://github.com/dependabot/fetch-metadata
+# - https://github.com/hmarr/debug-action
+
+---
+name: dependabot-auto
+on: pull_request
+permissions:
+  contents: write
+  pull-requests: write
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  YARN_ENABLE_IMMUTABLE_INSTALLS: false
+jobs:
+  dependabot-auto:
+    if: github.actor == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+    steps:
+      - id: debug
+        name: Print environment variables and event payload
+        uses: hmarr/debug-action@v2.0.1
+      - id: metadata
+        name: Fetch metadata
+        uses: dependabot/fetch-metadata@v1.3.3
+        with:
+          skip-commit-verification: true
+      - id: checkout
+        name: Checkout ${{ github.head_ref }}
+        uses: actions/checkout@v3.0.2
+        with:
+          persist-credentials: ${{ steps.metadata.outputs.package-ecosystem == 'npm' }}
+          ref: ${{ github.head_ref }}
+      - id: lockfile-fix
+        name: Fix yarn.lock
+        if: steps.metadata.outputs.package-ecosystem == 'npm'
+        run: yarn --mode=update-lockfile
+      - id: dedupe
+        name: Deduplicate dependencies
+        if: steps.metadata.outputs.package-ecosystem == 'npm'
+        run: yarn dedupe --mode=update-lockfile
+      - id: lockfile-push
+        name: Push yarn.lock
+        if: steps.metadata.outputs.package-ecosystem == 'npm'
+        run: |
+          git config --global user.name '${{ github.actor }}'
+          git config --global user.email '49699333+${{ github.actor }}@users.noreply.github.com'
+          git add yarn.lock
+          git status
+          git diff-index --quiet HEAD || git commit -m 'chore(yarn): fix lockfile' && git push -f
+      - id: approve-pr
+        name: Approve pull request
+        run: gh pr review ${{ github.event.number }} --approve
+      - id: enable-auto-merge
+        name: Enable auto-merge
+        if: |
+          steps.metadata.outputs.package-ecosystem == 'github-actions' ||
+          steps.metadata.outputs.update-type != 'version-update:semver-major'
+        run: gh pr merge ${{ github.event.number }} --auto --squash