From 535c611c03af67db66594c4d742e68d6bd6d0994 Mon Sep 17 00:00:00 2001
From: Jacob Evelyn <jevelyn@panoramaed.com>
Date: Tue, 23 Jul 2024 15:45:51 -0400
Subject: [PATCH] IOPZ-2709 Fix bug in Dependabot automerging

This commit fixes a bug where if a safe-for-automerge Dependabot PR gets
created and then rebased in quick succession (for example because
another Depdendabot PR auto-merged), our automation would not re-approve
it after rebase which our branch protection rules require for it to
get merged.
---
 .github/workflows/dependabot-prs.yml | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/dependabot-prs.yml b/.github/workflows/dependabot-prs.yml
index 5a84f7c..df88e34 100644
--- a/.github/workflows/dependabot-prs.yml
+++ b/.github/workflows/dependabot-prs.yml
@@ -39,15 +39,11 @@ jobs:
         # a) it has the `development-dependencies` label, which we add for certain
         #    categories of PRs (see `.github/dependabot.yml`), OR
         # b) Dependabot has categorized it as a `direct:development` dependency,
-        #    meaning it's in the Gemfile in a `development` or `test` group
-        #
-        # Note that we also do nothing when the PR has already had auto-merge
-        # enabled, to prevent scenarios where this check runs many times (for
-        # instance, because removing `Needs QA` triggers another run, or because
-        # other PRs are merging and causing this to rebase and trigger another
-        # run) and then approves the PR many times, which is confusing and looks
-        # awkward.
-        if: ${{ github.actor == 'dependabot[bot]' && (!github.event.pull_request.auto_merge && (contains(github.event.pull_request.labels.*.name, 'development-dependencies') || steps.dependabot-metadata.outputs.dependency-type == 'direct:development')) }}
+        #    meaning it's in the Gemfile in a `development` or `test` group, OR
+        # c) our scripts have flagged the PR as an automergeable dependency (i.e
+        #    a stable dependency with good unit test coverage) that has passed
+        #    the waiting period.
+        if: ${{ (github.actor == 'dependabot[bot]' || github.actor == 'panorama-bot-r') && steps.unique-committers.outputs.committers == '["dependabot[bot]"]' && (contains(github.event.pull_request.labels.*.name, 'development-dependencies') || steps.dependabot-metadata.outputs.dependency-type == 'direct:development' || contains(github.event.pull_request.labels.*.name, 'automerge-dependencies')) }}
         run: gh pr merge --auto --merge "$PR_URL" && gh pr edit "$PR_URL" --remove-label "Needs QA" && gh pr review --approve "$PR_URL"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}