From 1e586b81e4712d7ae0bfd023ba59a9ec828589d2 Mon Sep 17 00:00:00 2001
From: James McKinney <26463+jpmckinney@users.noreply.github.com>
Date: Mon, 25 Nov 2024 11:59:02 -0500
Subject: [PATCH] ci: Reuse workflow for automerge

---
 .github/workflows/automerge.yml | 37 +++++----------------------------
 1 file changed, 5 insertions(+), 32 deletions(-)

diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
index 55365732..cd8b8984 100644
--- a/.github/workflows/automerge.yml
+++ b/.github/workflows/automerge.yml
@@ -1,35 +1,8 @@
-# The pull_request_target workflow trigger is dangerous. Do not add unrelated logic to this workflow.
-# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
-# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
 name: Auto-merge
 on: pull_request_target
-permissions:
-  pull-requests: write  # to approve the PR
-  contents: write  # to merge the PR
 jobs:
-  dependabot:
-    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
-    runs-on: ubuntu-latest
-    steps:
-      - id: dependabot-metadata
-        uses: dependabot/fetch-metadata@v2
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-      - if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' || steps.dependabot-metadata.outputs.package-ecosystem == 'github_actions' }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: gh pr review --approve ${{ github.event.pull_request.html_url }}
-      - if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' || steps.dependabot-metadata.outputs.package-ecosystem == 'github_actions' }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: gh pr merge --auto --squash ${{ github.event.pull_request.html_url }}
-  precommit:
-    if: ${{ github.event.pull_request.user.login == 'pre-commit-ci[bot]' }}
-    runs-on: ubuntu-latest
-    steps:
-      - env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: gh pr review --approve ${{ github.event.pull_request.html_url }}
-      - env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: gh pr merge --auto --squash ${{ github.event.pull_request.html_url }}
+  automerge:
+    uses: open-contracting/.github/.github/workflows/automerge.yml@main
+    permissions:
+      pull-requests: write
+      contents: write