WIP: use automerge v1
Note: I'm getting this ready but AutoMerge v1 is not released yet
AutoMerge v1 Migration
This PR migrates the AutoMerge workflow from the pre-v1 API to AutoMerge v1, which separates PR validation from PR merging.
Changes
The monolithic automerge.yml workflow has been split into three separate workflows:
- `automerge_check.yml` - Validates PRs using `AutoMerge.check_pr()`. Runs on pull_request events only. Has limited token access (read + commit status) and runs untrusted package code.
- `automerge_merge.yml` - Merges approved PRs using `AutoMerge.merge_prs()`. Runs on schedule and workflow_dispatch events only (never on PRs). Has write token access but never executes untrusted code.
- `automerge_stopwatch.yml` - Polling mechanism that maintains the 8-minute merge cadence. Triggers on PR events, schedule, and workflow_dispatch. Checks time since last merge and triggers `automerge_merge.yml` via workflow_dispatch when needed.
Implementation Details
- API migration: `RegistryCI.AutoMerge.run()` → `AutoMerge.check_pr()` / `AutoMerge.merge_prs()`
- Project directory: `.ci/` → `.ci/AutoMerge/` for check/merge workflows
- Token environment variable: `AUTOMERGE_TAGBOT_TOKEN` → `AUTOMERGE_MERGE_TOKEN`
- Configuration: Now uses `AutoMerge.general_registry_config()` instead of keyword arguments
- AutoMerge is now a standalone package (no longer a RegistryCI submodule)
Stopwatch Mechanism
The stopwatch workflow runs on every PR event from non-forks, providing frequent polling intervals to maintain the 8-minute merge cadence. Without PR events, it would only check every 4 hours (cron schedule). This preserves the existing behavior where PR activity drives continuous merge operations.
Security Model
The split ensures that workflows running untrusted code (PR validation) never have access to merge credentials, while workflows with merge access never run on PR events or execute untrusted code. We already had this split by very finicky IF conditions in our workflows, but this should make it much clearer and more straightforward. I.e. there is not an active security problem that this is fixing.
written with Claude, but checked by me
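As an added example (not the registry's own workflow code), here is what the stopwatch step described above could look like as a shell script: a side-effect-free decision function for the 8-minute cadence, plus the `gh` calls that look up the last `automerge_merge.yml` run and dispatch it. It assumes the `gh` CLI and GNU `date` are available and that the job's token can list runs and dispatch workflows but is not the merge token, since the stopwatch only decides when to trigger the merge workflow.

```shell
#!/usr/bin/env bash
# Hypothetical stopwatch step for automerge_stopwatch.yml (added example).
# The stopwatch never merges anything itself; it only dispatches the
# merge workflow, which runs on schedule/workflow_dispatch with its own token.
set -eu

MERGE_WORKFLOW="automerge_merge.yml"
CADENCE_SECONDS=$((8 * 60))   # the 8-minute merge cadence

# Pure decision: succeeds when at least the cadence has elapsed.
# Kept free of side effects so it can be exercised without credentials.
should_dispatch() {
    local elapsed="$1" cadence="${2:-$CADENCE_SECONDS}"
    [ "$elapsed" -ge "$cadence" ]
}

# Seconds since the most recent run of the merge workflow, or a very large
# number if it has never run. Uses `gh run list --json` (assumed available).
seconds_since_last_merge_run() {
    local last now
    last=$(gh run list --workflow "$MERGE_WORKFLOW" --limit 1 \
             --json createdAt --jq '.[0].createdAt // empty')
    if [ -z "$last" ]; then
        echo $((CADENCE_SECONDS * 1000))
        return
    fi
    now=$(date -u +%s)
    echo $(( now - $(date -u -d "$last" +%s) ))   # GNU date syntax
}

main() {
    local elapsed
    elapsed=$(seconds_since_last_merge_run)
    if should_dispatch "$elapsed"; then
        echo "last merge run ${elapsed}s ago (>= ${CADENCE_SECONDS}s): dispatching $MERGE_WORKFLOW"
        gh workflow run "$MERGE_WORKFLOW"
    else
        echo "last merge run ${elapsed}s ago: nothing to do"
    fi
}

# Only talk to GitHub when explicitly asked (STOPWATCH_RUN=1), so the
# decision logic can be run and checked offline.
if [ "${STOPWATCH_RUN:-0}" = "1" ]; then main; fi
```

In the workflow the step would run with `STOPWATCH_RUN=1` and `GH_TOKEN` set to the job's (non-merge) token; the cron schedule still covers the case where no PR events arrive for hours.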
This pull request has been inactive for 30 days and will be automatically closed 7 days from now. If this pull request should not be closed, please either (1) fix the AutoMerge issues and re-trigger Registrator, which will automatically update the pull request, or (2) post a comment explaining why you would like this pull request to be manually merged. [noblock]
This pull request has been inactive for more than 30 days and has automatically been closed. Feel free to register your package or version again once you fix the AutoMerge issues. [noblock]