name: Dependabot Automerge

# Fires after every completed run of the "Node.js Package" workflow. Which of
# those runs are acted on is decided by the job-level `if:` further down.
on:
  workflow_run:
    workflows: ["Node.js Package"]
    types: [completed]

# Declared at workflow level, so these scopes apply to the GITHUB_TOKEN of
# every job in this file. All three are write scopes: any step that receives
# the token (including third-party actions) can use them.
permissions:
  # Write access used by the merge step.
  # NOTE(review): presumably both are required to merge a PR - confirm
  # against the automerge action's documentation before narrowing.
  contents: write
  pull-requests: write
  # `actions: write` lets the post-merge step start Node.js Package on the
  # default branch via `gh workflow run`. It is needed because a merge made
  # with GITHUB_TOKEN does not fire on:push workflows (GitHub Actions
  # suppresses them on purpose), so without the explicit dispatch an
  # automerged PR would land on main and the release job would never run.
  actions: write

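jobs:
  # Merges the Dependabot pull request once its "Node.js Package" run has
  # passed, then dispatches a release run on the default branch.
  automerge:
    # Gate: the watched run succeeded, was started by a push, and that push
    # was attributed to dependabot[bot]. The `event == 'push'` clause also
    # keeps the run dispatched by the last step (a workflow_dispatch event)
    # from re-entering this job when it completes.
    # NOTE(review): `actor.login` identifies who triggered the watched run;
    # it does not by itself establish which branch was pushed or who opened
    # the pull request. Consider additionally checking
    # `github.event.workflow_run.head_branch` against the repository's
    # Dependabot branch naming - confirm the prefix in use before adding it.
    if: >
      github.event.workflow_run.conclusion == 'success' &&
      github.event.workflow_run.event == 'push' &&
      github.event.workflow_run.actor.login == 'dependabot[bot]'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # NOTE(review): `v6` is a mutable tag. This job holds write scopes,
        # so pin to a full commit SHA, e.g.
        # `actions/checkout@<FULL_COMMIT_SHA>  # v6` (placeholder).
        uses: actions/checkout@v6
        with:
          # Later steps receive the token explicitly through `env`, so do not
          # additionally leave it configured for git in the workspace.
          persist-credentials: false

      - name: Automerge
        id: automerge
        # NOTE(review): third-party action on a mutable tag that is handed a
        # token with contents/pull-requests/actions write. Pin to a full
        # commit SHA, e.g.
        # `pascalgn/automerge-action@<FULL_COMMIT_SHA>  # v0.16.4`
        # (placeholder), and let Dependabot propose the bumps.
        uses: pascalgn/automerge-action@v0.16.4
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          MERGE_METHOD: squash
          # Empty value: no label is required before a PR is merged
          # (per the action's documented behaviour - confirm for this
          # version). The job-level `if:` is then the only gate.
          # NOTE(review): consider also setting
          # `MERGE_FILTER_AUTHOR: "dependabot[bot]"` so the action itself
          # refuses PRs opened by anyone else - verify against the action's
          # README before enabling.
          MERGE_LABELS: ""
          # Presumably milliseconds between merge retries (100 s) - confirm.
          MERGE_RETRY_SLEEP: "100000"

      - name: Trigger release on default branch
        # `pascalgn/automerge-action` exits 0 whether or not it merged. Skip
        # the dispatch when nothing was actually merged so we don't start a
        # phantom release run on every Dependabot Automerge invocation.
        if: steps.automerge.outputs.mergeResult == 'merged'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Pass the branch name through the environment rather than
          # expanding `${{ }}` inside the script text: an expression in
          # `run:` is substituted before the shell parses the line, so its
          # value would be interpreted as shell syntax.
          DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
        run: gh workflow run test-and-release.yml --ref "$DEFAULT_BRANCH"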
