From 16ffc4e9d9f32c3680fe46c04be1bfe4cde7b524 Mon Sep 17 00:00:00 2001
From: Tom Keller <1083460+kellertk@users.noreply.github.com>
Date: Tue, 5 Nov 2024 15:55:23 -0800
Subject: [PATCH] chore: remove mergify (#1196)
* feat: autoapprove dependabot PRs without mergify
* chore: remove mergify
* fix: approve dependabot PRs as OSDS bot
---
.github/workflows/automerge-approved-prs.yml | 34 ++++++++++++++
.github/workflows/dependabot-autoapprove.yml | 37 +++++++++++++++
.../{package.yml => package-dist.yml} | 0
.mergify.yml | 46 -------------------
4 files changed, 71 insertions(+), 46 deletions(-)
create mode 100644 .github/workflows/automerge-approved-prs.yml
create mode 100644 .github/workflows/dependabot-autoapprove.yml
rename .github/workflows/{package.yml => package-dist.yml} (100%)
delete mode 100644 .mergify.yml
diff --git a/.github/workflows/automerge-approved-prs.yml b/.github/workflows/automerge-approved-prs.yml
new file mode 100644
index 0000000..b16bcba
--- /dev/null
+++ b/.github/workflows/automerge-approved-prs.yml
@@ -0,0 +1,34 @@
+on:
+ pull_request_review:
+ types: submitted
+
+jobs:
+ approved_pr:
+ name: Automerge approved PRs
+ permissions:
+ contents: write
+ pull-requests: write
+ if: >-
+ github.event.review.state == 'approved' &&
+ github.event.repository == 'aws/configure-aws-credentials' &&
+ (github.event.review.author_association == 'OWNER' || github.event.review.user.login == 'aws-sdk-osds')
+ runs-on: ubuntu-latest
+ steps:
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-region: us-west-2
+ role-to-assume: ${{ secrets.SECRETS_AWS_PACKAGING_ROLE_TO_ASSUME }}
+ role-duration-seconds: 900
+ role-session-name: SecretsManagerFetch
+ - name: Get bot user token
+ uses: aws-actions/aws-secretsmanager-get-secrets@v2
+ with:
+ parse-json-secrets: true
+ secret-ids: |
+ OSDS,arn:aws:secretsmanager:us-west-2:206735643321:secret:github-aws-sdk-osds-automation-gebs9n
+ - name: Enable PR automerge
+ run: gh pr merge --auto --squash "$PR_URL"
+ env:
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ GITHUB_TOKEN: ${{ env.OSDS_ACCESS_TOKEN }}
diff --git a/.github/workflows/dependabot-autoapprove.yml b/.github/workflows/dependabot-autoapprove.yml
new file mode 100644
index 0000000..e205cd2
--- /dev/null
+++ b/.github/workflows/dependabot-autoapprove.yml
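Review bot: In automerge-approved-prs.yml the job guard compares `github.event.repository`, which is the repository object rather than its name, with a string, so the condition is unlikely ever to be true and the job would always be skipped; `github.repository == 'aws/configure-aws-credentials'`, the form dependabot-autoapprove.yml uses, is presumably what was meant. The job's `permissions` block also grants `contents: write` and `pull-requests: write` to the default token even though the merge step authenticates with the bot token fetched from Secrets Manager, so those grants look wider than the visible steps need. At the same time `id-token: write`, which assuming `role-to-assume` without static keys normally requires, is absent here and in the top-level `permissions` of dependabot-autoapprove.yml, so the credential step would probably fail unless credentials come from somewhere not shown.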
@@ -0,0 +1,37 @@
+name: Dependabot auto-approve
+on: pull_request
+permissions:
+ pull-requests: write
+jobs:
+ dependabot:
+ runs-on: ubuntu-latest
+ if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'aws/configure-aws-credentials'
+ steps:
+ - name: Get Metadata
+ id: dependabot-metadata
+ uses: dependabot/fetch-metadata@v2
+ - uses: actions/checkout@v4
+ name: Clone repo
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-region: us-west-2
+ role-to-assume: ${{ secrets.SECRETS_AWS_PACKAGING_ROLE_TO_ASSUME }}
+ role-duration-seconds: 900
+ role-session-name: SecretsManagerFetch
+ - name: Get bot user token
+ uses: aws-actions/aws-secretsmanager-get-secrets@v2
+ with:
+ parse-json-secrets: true
+ secret-ids: |
+ OSDS,arn:aws:secretsmanager:us-west-2:206735643321:secret:github-aws-sdk-osds-automation-gebs9n
+ - name: Approve PR if not already approved
+ run: |
+ gh pr checkout "$PR_URL"
+ if [ "$(gh pr status --json reviewDecision - q .currentBranch.reviewDecision)" != "APPROVED" ]; then
+ gh pr review "$PR_URL" --approve
+ else echo "PR already approved"
+ fi
+ env:
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ GITHUB_TOKEN: ${{ env.OSDS_ACCESS_TOKEN }}
diff --git a/.github/workflows/package.yml b/.github/workflows/package-dist.yml
similarity index 100%
rename from .github/workflows/package.yml
rename to .github/workflows/package-dist.yml
diff --git a/.mergify.yml b/.mergify.yml
deleted file mode 100644
index ee2ab06..0000000
--- a/.mergify.yml
+++ /dev/null
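Review bot: The approve step in dependabot-autoapprove.yml runs `gh pr checkout "$PR_URL"` with the bot token in its environment only so that `gh pr status` can read `.currentBranch.reviewDecision`; querying the PR directly with `gh pr view "$PR_URL" --json reviewDecision -q .reviewDecision` would keep the PR head off the runner and make the `actions/checkout` step unnecessary. As printed, the query flag reads `- q` with a space, which gh would not treat as `-q`; this may be a rendering artifact of the patch, so confirm against the file. The outputs of the `dependabot-metadata` step are not referenced anywhere in the hunk, so every Dependabot PR is approved regardless of update type; either gate the approval on `steps.dependabot-metadata.outputs.update-type` or drop the step.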
@@ -1,46 +0,0 @@
-queue_rules:
- - name: default
- conditions:
- # Conditions to merge a queued PR
- - check-success=Run unit tests (windows-latest)
- - check-success=Run unit tests (ubuntu-latest)
- - check-success=Run unit tests (macos-latest)
- - "#approved-reviews-by>=1"
- - -approved-reviews-by~=author
-
-pull_request_rules:
- - name: Automatically merge on CI success and review approval
- conditions:
- - base~=main|integ-tests
- - "#approved-reviews-by>=1"
- - -approved-reviews-by~=author
- - check-success=Run unit tests (windows-latest)
- - check-success=Run unit tests (ubuntu-latest)
- - check-success=Run unit tests (macos-latest)
- - label!=work-in-progress
- - -title~=(WIP|wip)
- - -merged
- - -closed
- - author!=dependabot[bot]
- actions:
- queue:
- method: squash
- name: default
-
- - name: Automatically approve and merge Dependabot PRs
- conditions:
- - base~=main
- - author=dependabot[bot]
- - check-success=Run unit tests (windows-latest)
- - check-success=Run unit tests (ubuntu-latest)
- - check-success=Run unit tests (macos-latest)
- - -title~=(WIP|wip)
- - -label~=(blocked|do-not-merge)
- - -merged
- - -closed
- actions:
- review:
- type: APPROVE
- queue:
- method: squash
- name: default