From 133374706c361a04bb4519a7aec4da829ad55dc1 Mon Sep 17 00:00:00 2001
From: skyero-aws <skyero@amazon.com>
Date: Tue, 1 Apr 2025 11:02:17 -0700
Subject: [PATCH] Dependabot auto merge addition in github workflows (#1459)

Dependabot auto-merge feature. Auto-merge triggers for dependabot depencency pull requests that are patches and have a cvss level greater than zero.
---
 .github/dependabot.yml      | 55 ++++++++++++++++++-------------------
 .github/workflows/maven.yml | 33 +++++++++++++++++-----
 2 files changed, 53 insertions(+), 35 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index fb2bfd8f..2e1091d9 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,32 +1,31 @@
 version: 2
 updates:
-# branch - master
-- package-ecosystem: "maven"
-  directory: "/"
-  labels:
-    - "dependencies"
-    - "v3.x"
-  target-branch: "master"
-  schedule:
-    interval: "weekly"
+  # branch - master
+  - package-ecosystem: "maven"
+    directory: "/"
+    labels:
+      - "dependencies"
+      - "v3.x"
+    target-branch: "master"
+    schedule:
+      interval: "weekly"
 
-# branch - v2.x
-- package-ecosystem: "maven"
-  directory: "/"
-  labels:
-    - "dependencies"
-    - "v2.x"
-  target-branch: "v2.x"
-  schedule:
-    interval: "weekly"
-
-# branch - v1.x
-- package-ecosystem: "maven"
-  directory: "/"
-  labels:
-    - "dependencies"
-    - "v1.x"
-  target-branch: "v1.x"
-  schedule:
-    interval: "weekly"
+  # branch - v2.x
+  - package-ecosystem: "maven"
+    directory: "/"
+    labels:
+      - "dependencies"
+      - "v2.x"
+    target-branch: "v2.x"
+    schedule:
+      interval: "weekly"
 
+  # branch - v1.x
+  - package-ecosystem: "maven"
+    directory: "/"
+    labels:
+      - "dependencies"
+      - "v1.x"
+    target-branch: "v1.x"
+    schedule:
+      interval: "weekly"
\ No newline at end of file
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index 81fca35b..500260bf 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -7,20 +7,25 @@
 # documentation.
 
 name: Java CI with Maven
-
 on:
   push:
     branches:
       - "master"
+      - "v2.x"
+      - "v1.x"
   pull_request:
     branches:
       - "master"
+      - "v2.x"
+      - "v1.x"
+
+permissions:
+  contents: write
+  pull-requests: write
 
 jobs:
   build:
-
     runs-on: ubuntu-latest
-
     steps:
       - uses: actions/checkout@v4
       - name: Set up JDK 8
@@ -30,11 +35,8 @@ jobs:
           distribution: 'corretto'
       - name: Build with Maven
         run: mvn -B package --file pom.xml -DskipITs
-
   backwards-compatible-check:
-
     runs-on: ubuntu-latest
-
     steps:
       - uses: actions/checkout@v4
       - name: Set up JDK 8
@@ -43,4 +45,21 @@ jobs:
           java-version: '8'
           distribution: 'corretto'
       - name: Check backwards compatibility of changes
-        run: .github/scripts/backwards_compatibility_check.sh
\ No newline at end of file
+        run: .github/scripts/backwards_compatibility_check.sh
+  auto-merge:
+    needs: [build]
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          alert-lookup: true
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Enable auto-merge for Dependabot PRs
+        if: steps.metadata.outputs.update-type == 'version-update:semver-patch' && steps.metadata.outputs.cvss > 0
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
\ No newline at end of file