From 2434e0ab3b47af06ccbe29c9facbb20d3efc2465 Mon Sep 17 00:00:00 2001
From: "CanbiZ (MickLesk)" <47820557+MickLesk@users.noreply.github.com>
Date: Wed, 28 Jan 2026 13:59:01 +0100
Subject: [PATCH] feat(workflow): auto-approve and merge github-versions PR

---
 .github/workflows/update-versions-github.yml | 102 +++++++++++--------
 1 file changed, 57 insertions(+), 45 deletions(-)

diff --git a/.github/workflows/update-versions-github.yml b/.github/workflows/update-versions-github.yml
index 4733359f4..b4206cb41 100644
--- a/.github/workflows/update-versions-github.yml
+++ b/.github/workflows/update-versions-github.yml
@@ -12,6 +12,8 @@ permissions:
 
 env:
   VERSIONS_FILE: frontend/public/json/github-versions.json
+  BRANCH_NAME: automated/update-github-versions
+  AUTOMATED_PR_LABEL: "automated pr"
 
 jobs:
   update-github-versions:
@@ -19,6 +21,20 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
+
+      - name: Generate a token for PR approval and merge
+        id: generate-token-merge
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.APP_ID_APPROVE_AND_MERGE }}
+          private-key: ${{ secrets.APP_KEY_APPROVE_AND_MERGE }}
+
       - name: Checkout Repository
         uses: actions/checkout@v4
         with:
@@ -166,53 +182,49 @@ jobs:
             git diff --stat "$VERSIONS_FILE" 2>/dev/null || true
           fi
 
-      - name: Create Pull Request
+      - name: Commit and push changes
+        if: steps.check-changes.outputs.changed == 'true'
+        run: |
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+          git add "$VERSIONS_FILE"
+          git commit -m "chore: update github-versions.json"
+          git checkout -b $BRANCH_NAME || git checkout $BRANCH_NAME
+          git push origin $BRANCH_NAME --force
+
+      - name: Create pull request if not exists
+        if: steps.check-changes.outputs.changed == 'true'
+        env:
+          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
+        run: |
+          PR_EXISTS=$(gh pr list --head "${BRANCH_NAME}" --json number --jq '.[].number')
+          if [ -z "$PR_EXISTS" ]; then
+            gh pr create --title "[Github Action] Update github-versions.json" \
+                         --body "This PR is auto-generated by a Github Action to update the github-versions.json file." \
+                         --head $BRANCH_NAME \
+                         --base main \
+                         --label "$AUTOMATED_PR_LABEL"
+          fi
+
+      - name: Approve pull request
         if: steps.check-changes.outputs.changed == 'true'
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          BRANCH_NAME="automated/update-github-versions-$(date +%Y%m%d)"
-
-          git config --global user.email "github-actions[bot]@users.noreply.github.com"
-          git config --global user.name "GitHub Actions[bot]"
-
-          # Check if branch exists and delete it
-          git push origin --delete "$BRANCH_NAME" 2>/dev/null || true
-
-          git checkout -b "$BRANCH_NAME"
-          git add "$VERSIONS_FILE"
-          git commit -m "chore: update github-versions.json
-
-          Total versions: $(jq '.versions | length' "$VERSIONS_FILE")
-          Pinned versions: $(jq '[.versions[] | select(.pinned == true)] | length' "$VERSIONS_FILE")
-          Generated: $(jq -r '.generated' "$VERSIONS_FILE")"
-
-          git push origin "$BRANCH_NAME" --force
-
-          # Check if PR already exists
-          existing_pr=$(gh pr list --head "$BRANCH_NAME" --state open --json number --jq '.[0].number // empty')
-
-          if [[ -n "$existing_pr" ]]; then
-            echo "PR #$existing_pr already exists, updating..."
-          else
-            gh pr create \
-              --title "[Automated] Update GitHub versions" \
-              --body "This PR updates version information from GitHub releases.
-
-          ## How it works
-          1. Scans all JSON files in \`frontend/public/json/\` for slugs
-          2. Finds corresponding \`install/{slug}-install.sh\` scripts
-          3. Extracts \`fetch_and_deploy_gh_release\` calls
-          4. Fetches latest (or pinned) version from GitHub
-
-          ## Stats
-          - Total versions: $(jq '.versions | length' "$VERSIONS_FILE")
-          - Pinned versions: $(jq '[.versions[] | select(.pinned == true)] | length' "$VERSIONS_FILE")
-          - Latest versions: $(jq '[.versions[] | select(.pinned == false)] | length' "$VERSIONS_FILE")
-
-          ---
-          *Automatically generated from install scripts*" \
-              --base main \
-              --head "$BRANCH_NAME" \
-              --label "automated pr"
+          PR_NUMBER=$(gh pr list --head "${BRANCH_NAME}" --json number --jq '.[].number')
+          if [ -n "$PR_NUMBER" ]; then
+            gh pr review $PR_NUMBER --approve
+          fi
+
+      - name: Approve pull request and merge
+        if: steps.check-changes.outputs.changed == 'true'
+        env:
+          GH_TOKEN: ${{ steps.generate-token-merge.outputs.token }}
+        run: |
+          git config --global user.name "github-actions-automege[bot]"
+          git config --global user.email "github-actions-automege[bot]@users.noreply.github.com"
+          PR_NUMBER=$(gh pr list --head "${BRANCH_NAME}" --json number --jq '.[].number')
+          if [ -n "$PR_NUMBER" ]; then
+            gh pr review $PR_NUMBER --approve
+            gh pr merge $PR_NUMBER --squash --admin
           fi