.github/workflows/dependabot-fixup.yml

name: Dependabot PR fixup

on:
  workflow_dispatch:
  pull_request:
    branches:
      - main
    types:
      - opened
      - synchronize

jobs:
  pr_fixup:
    name: PR Fixup
    if: github.event_name == 'workflow_dispatch' || github.actor == 'dependabot[bot]'
    runs-on: ubuntu-latest
    outputs:
      commit_hash: ${{ steps.auto_commit.outputs.commit_hash }}
    permissions:
      contents: write
    steps:
      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: |
            7.0.x
            6.0.x
      - name: Checkout PR
        uses: actions/checkout@v4
        with:
          persist-credentials: true
      - name: Update lockfiles
        run: dotnet restore --use-lock-file
      - id: auto_commit
        name: Commit changes
        uses: stefanzweifel/git-auto-commit-action@v5
        with:
          commit_message: Update lockfiles

  ci:
    name: Run CI-Pipeline
    needs:
      - pr_fixup
    if: github.event_name == 'workflow_dispatch' || github.actor == 'dependabot[bot]'
    uses: ./.github/workflows/ci.yml
    with:
      ref: ${{ needs.pr_fixup.outputs.commit_hash }}

  pr_automerge:
    name: Enable Automerge
    needs:
      - pr_fixup
      - ci
    if: github.event_name == 'workflow_dispatch' || github.actor == 'dependabot[bot]'
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Fetch dependabot metadata
        id: metadata
        uses: dependabot/fetch-metadata@v2
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Enable auto-merge
        run: gh pr merge --auto --merge "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}