From 879e345c4d6c4cfc49cab965cb73986da2f16c41 Mon Sep 17 00:00:00 2001 From: ancplua Date: Tue, 5 May 2026 07:35:21 +0200 Subject: [PATCH 1/2] ci(auto-merge): consume reusable workflow from renovate-config Replaces the local 154-line auto-merge workflow with a 23-line thin caller that delegates to ANcpLua/renovate-config/.github/workflows/ auto-merge-reusable.yml@main. The reusable workflow uses a GitHub App installation token instead of GITHUB_TOKEN, fixing the cascade-block bug: native auto-merge under GITHUB_TOKEN identity silently drops the resulting push: main event, preventing downstream publish workflows from triggering. Required secrets in this repo: AUTOMERGE_APP_ID AUTOMERGE_APP_PRIVATE_KEY See https://github.com/ANcpLua/renovate-config#auto-merge-reusable-workflow Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/auto-merge.yml | 146 ++----------------------------- 1 file changed, 8 insertions(+), 138 deletions(-) diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml index da8a2d0..0fa82ba 100644 --- a/.github/workflows/auto-merge.yml +++ b/.github/workflows/auto-merge.yml @@ -1,11 +1,9 @@ -# Auto-merge workflow for trusted PRs +# Thin caller — delegates to the reusable workflow at +# ANcpLua/renovate-config (single source of truth across the framework). # -# Tiers: -# 1a. Dependabot PRs: Auto-approve + auto-merge for patch/minor -# 1b. Renovate PRs: Auto-approve + auto-merge -# 2. AI Agent fix PRs (copilot/, jules/, claude/): Auto-merge when CI passes -# 3. CodeRabbit approved PRs: Auto-merge when CI passes -# 4. Owner PRs: Auto-merge when CI passes +# Required secrets in this repo: +# AUTOMERGE_APP_ID, AUTOMERGE_APP_PRIVATE_KEY +# See https://github.com/ANcpLua/renovate-config#auto-merge-reusable-workflow name: Auto-merge 
@@ -20,134 +18,6 @@ permissions: pull-requests: write jobs: - dependabot-auto-merge: - name: Dependabot auto-merge - runs-on: ubuntu-latest - if: github.actor == 'dependabot[bot]' - - steps: - - name: Fetch Dependabot metadata - id: metadata - uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - - - name: Auto-approve patch and minor updates - if: steps.metadata.outputs.update-type != 'version-update:semver-major' - env: - PR_URL: ${{ github.event.pull_request.html_url }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: gh pr review --approve "$PR_URL" - - - name: Enable auto-merge for patch and minor - if: steps.metadata.outputs.update-type != 'version-update:semver-major' - env: - PR_URL: ${{ github.event.pull_request.html_url }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: gh pr merge --auto --squash "$PR_URL" - - - name: Request Claude review for major updates - if: steps.metadata.outputs.update-type == 'version-update:semver-major' - env: - PR_URL: ${{ github.event.pull_request.html_url }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - DEP_NAMES: ${{ steps.metadata.outputs.dependency-names }} - PREV_VERSION: ${{ steps.metadata.outputs.previous-version }} - NEW_VERSION: ${{ steps.metadata.outputs.new-version }} - run: | - gh pr comment "$PR_URL" --body "## ⚠️ Major Version Update - - @claude Please review this major version update for breaking changes and merge if safe. - - | Dependency | Update | - |------------|--------| - | \`$DEP_NAMES\` | \`$PREV_VERSION\` → \`$NEW_VERSION\` | - - Check the changelog and verify compatibility." 
- - renovate-auto-merge: - name: Renovate auto-merge - runs-on: ubuntu-latest - if: github.actor == 'renovate[bot]' - - steps: - - name: Auto-approve Renovate PRs - env: - PR_URL: ${{ github.event.pull_request.html_url }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: gh pr review --approve "$PR_URL" - - - name: Enable auto-merge for Renovate - env: - PR_URL: ${{ github.event.pull_request.html_url }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: gh pr merge --auto --squash "$PR_URL" - - ai-agent-auto-merge: - name: AI Agent auto-merge - runs-on: ubuntu-latest - if: | - (github.actor == 'copilot[bot]' || github.actor == 'jules[bot]' || github.actor == 'claude-code[bot]') && - ( - startsWith(github.event.pull_request.head.ref, 'copilot/') || - startsWith(github.event.pull_request.head.ref, 'jules/') || - startsWith(github.event.pull_request.head.ref, 'claude/') - ) - - steps: - - name: Identify AI agent - id: agent - env: - BRANCH: ${{ github.event.pull_request.head.ref }} - run: | - if [[ "$BRANCH" == copilot/* ]]; then - echo "agent=Copilot" >> "$GITHUB_OUTPUT" - elif [[ "$BRANCH" == jules/* ]]; then - echo "agent=Jules" >> "$GITHUB_OUTPUT" - elif [[ "$BRANCH" == claude/* ]]; then - echo "agent=Claude" >> "$GITHUB_OUTPUT" - fi - - - name: Auto-approve AI agent PRs - env: - PR_URL: ${{ github.event.pull_request.html_url }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - AGENT: ${{ steps.agent.outputs.agent }} - run: | - echo "Auto-approving $AGENT PR" - gh pr review --approve "$PR_URL" --body "✅ Auto-approved: $AGENT autonomous fix PR" - - - name: Enable auto-merge for AI agent PRs - env: - PR_URL: ${{ github.event.pull_request.html_url }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: gh pr merge --auto --squash "$PR_URL" - - coderabbit-auto-merge: - name: CodeRabbit auto-merge - runs-on: ubuntu-latest - if: | - github.event_name == 'pull_request_review' && - github.event.review.state == 'approved' && - github.event.review.user.login == 'coderabbitai[bot]' - - steps: - 
- name: Enable auto-merge for CodeRabbit approved PRs - env: - PR_URL: ${{ github.event.pull_request.html_url }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: gh pr merge --auto --squash "$PR_URL" - - owner-auto-merge: - name: Owner auto-merge - runs-on: ubuntu-latest - if: | - github.event.pull_request.user.login == github.event.repository.owner.login && - github.event.pull_request.draft == false - - steps: - - name: Enable auto-merge for owner PRs - env: - PR_URL: ${{ github.event.pull_request.html_url }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: gh pr merge --auto --squash "$PR_URL" + auto-merge: + uses: ANcpLua/renovate-config/.github/workflows/auto-merge-reusable.yml@main + secrets: inherit From 23aea091e3133ef49fe3d1b10e675c03fc18f5d1 Mon Sep 17 00:00:00 2001 From: ancplua Date: Tue, 5 May 2026 13:11:44 +0200 Subject: [PATCH 2/2] =?UTF-8?q?chore(ci):=20bump=20claude-code-review=20fe?= =?UTF-8?q?tch-depth=2020=20=E2=86=92=20100?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Larger PRs occasionally need base-branch context beyond the last 20 commits. Costs ~2-3s extra checkout time. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/claude-code-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml index 146161f..9a5931e 100644 --- a/.github/workflows/claude-code-review.yml +++ b/.github/workflows/claude-code-review.yml @@ -32,7 +32,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: ref: ${{ github.event.pull_request.head.ref }} - fetch-depth: 20 + fetch-depth: 100 - name: Run Claude Code Review (agentic) id: claude-review
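Review bot: In `.github/workflows/auto-merge.yml` (PATCH 1/2) the new `auto-merge` job calls the reusable workflow at the mutable ref `@main`, so any later push to that branch of `ANcpLua/renovate-config` changes what runs here with approve and merge rights, whereas the third-party actions visible in this series are pinned to full commit SHAs. `secrets: inherit` also hands the callee every secret this repository can read, although the commit message names only `AUTOMERGE_APP_ID` and `AUTOMERGE_APP_PRIVATE_KEY` as required. Pinning the call to a reviewed commit and passing just those two secrets limits the App private key's exposure to code that was actually reviewed. The explicit mapping presumably needs the callee to declare both names under `on.workflow_call.secrets`, which is not visible from this patch. `<FULL_COMMIT_SHA>` below is a placeholder for the reviewed commit of the reusable workflow.

```yaml
jobs:
  auto-merge:
    # Pin to a reviewed commit; <FULL_COMMIT_SHA> is a placeholder.
    uses: ANcpLua/renovate-config/.github/workflows/auto-merge-reusable.yml@<FULL_COMMIT_SHA>
    secrets:
      AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }}
      AUTOMERGE_APP_PRIVATE_KEY: ${{ secrets.AUTOMERGE_APP_PRIVATE_KEY }}
```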