Add workflow to auto-approve workflow runs on main branch

[Copilot]

Workflow runs triggered on main that land in action_required state (e.g. first-time contributor forks) are never automatically approved, requiring manual intervention.

Changes

• New workflow .github/workflows/autoapprove_workflow_runs.yml:
  • Triggers on workflow_run completed events across all workflows ('*')
  • Single approve job gated by a YAML-level if — no logic inside the script:

    if: ${{ github.event.workflow_run.conclusion == 'action_required' && github.event.workflow_run.head_branch == 'main' }}

  • Approves the run via gh api POST .../actions/runs/$RUN_ID/approve
  • Requires only actions: write; run ID passed via env var to avoid injection

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Approve workflows on main branch</issue_title>
<issue_description>Create a new workflow that approves workflow runs that need approval. Trigger should be workflows completed. The only job should have an if (on yml level), not inside the script checking whether the conclusion indicates that an approval js required. Similar, it should only allow the job to run if the branch is main.</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Approve workflows on main branch #2960

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Pull request overview

Adds a GitHub Actions workflow to automatically approve workflow_run executions on main that end up in action_required, avoiding manual approvals.

Changes:

• Introduces a new .github/workflows/autoapprove_workflow_runs.yml workflow.
• Triggers on workflow_run (completed) and conditionally runs an approval job.
• Uses gh api with actions: write to approve the run by ID.