From dca69b3124b2babcdc51e52a37b0346a3a117f76 Mon Sep 17 00:00:00 2001
From: Pil0tXia <xiatian@apache.org>
Date: Thu, 18 Apr 2024 10:46:17 +0800
Subject: [PATCH] Use GitHub CLI `comment`

---
 .../{auto-merge-dependabot.yml => auto-dependabot.yml}   | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
 rename .github/workflows/{auto-merge-dependabot.yml => auto-dependabot.yml} (81%)

diff --git a/.github/workflows/auto-merge-dependabot.yml b/.github/workflows/auto-dependabot.yml
similarity index 81%
rename from .github/workflows/auto-merge-dependabot.yml
rename to .github/workflows/auto-dependabot.yml
index f0d8fde5..e1a29133 100644
--- a/.github/workflows/auto-merge-dependabot.yml
+++ b/.github/workflows/auto-dependabot.yml
@@ -23,6 +23,8 @@ permissions:
   pull-requests: write
 
 jobs:
+  # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
+  # Pull request Auto merge is not enabled for this repository
   dependabot:
     runs-on: ubuntu-latest
     if: github.actor == 'dependabot[bot]'
@@ -33,15 +35,16 @@ jobs:
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
 
-      - name: Approve a PR
+      - name: Approve PR
         run: gh pr review --approve "$PR_URL"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}
           GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
 
-      - name: Enable auto-merge for Dependabot PRs
+      # comment '@dependabot merge' to merge the PR
+      - name: Comment and Merge PR
         if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
-        run: gh pr merge --auto --merge "$PR_URL"
+        run: gh pr comment $PR_URL -b "@dependabot merge"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}
           GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
\ No newline at end of file