Fix auto-merge workflow to automatically merge auto-approved dependabot PRs

[Copilot]

Problem

The existing auto-merge workflow was not reliably merging dependabot PRs after they were auto-approved. The workflow had a race condition where it would check for approvals before they were fully recorded in GitHub's system, causing the auto-merge to be skipped.

Solution

Enhanced the auto-merge.yml workflow with several key improvements:

1. Added workflow_run Trigger

The workflow now triggers after the "Approve dependabot" workflow completes, ensuring it runs at the right time:

workflow_run:
  workflows: ["Approve dependabot"]
  types:
    - completed

2. Implemented Retry Logic

Added intelligent retry logic to wait for approvals to be recorded:

• Initial 5-second wait after workflow starts
• Up to 3 retry attempts with 10-second delays between attempts
• Clear logging of approval status at each attempt

3. Fixed PR Number Extraction

Added logic to extract PR numbers correctly for different event types:

• For pull_request_target and pull_request_review events: uses github.event.pull_request.number
• For workflow_run events: queries the GitHub API to find the PR by commit SHA

4. Enhanced Conditional Logic

Updated the job condition to handle both direct dependabot events and workflow_run events:

if: |
  github.actor == 'dependabot[bot]' ||
  github.actor == 'dependabot-preview[bot]' ||
  github.actor == 'dependabot' ||
  github.event.workflow_run.conclusion == 'success'

How It Works

1. Dependabot creates a PR
2. auto-approve-dependabot.yml approves the PR
3. auto-merge.yml triggers via workflow_run event
4. Workflow waits and retries to ensure approvals are recorded
5. Auto-merge is enabled with squash strategy
6. GitHub automatically merges the PR when all checks pass
7. Branch is automatically deleted after merge

Documentation

Added comprehensive documentation:

• Inline comments explaining each part of the workflow
• New README.md in .github/workflows/ directory documenting the entire auto-merge system
• Clear explanation of triggers, behavior, and configuration

Testing

The workflow will be tested automatically when dependabot creates new PRs. It can also be verified by:

1. Commenting @dependabot rebase on an existing dependabot PR
2. Observing the workflow runs in the Actions tab
3. Confirming the PR is automatically merged after approval

Closes #[issue_number]

Original prompt

make it so that autoapproved PRs from dependabot are automatically merged into the repo

---

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}