name: Auto Merge

on:
  pull_request:
    types: [opened, reopened, ready_for_review]

permissions:
  contents: write
  pull-requests: write

env:
  GH_REPO: ${{ github.repository }}

jobs:
  merge:
    runs-on: ubuntu-latest
    if: github.event.pull_request.draft == false
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Enable auto-merge
        uses: actions/github-script@v7
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const author = context.payload.pull_request.user.login;
            const association = context.payload.pull_request.author_association;

            // Trusted bot accounts (act as org members)
            const trustedBots = ['google-labs-jules[bot]'];
            const isTrustedBot = trustedBots.includes(author);

            // Check author association from webhook payload
            const trusted = ['MEMBER', 'OWNER', 'COLLABORATOR'];
            if (!isTrustedBot && !trusted.includes(association)) {
              core.info(`${author} is ${association} — skipping auto-merge`);
              return;
            }

            try {
              await exec.exec('gh', [
                'pr', 'merge', process.env.PR_NUMBER,
                '--auto',
                '--merge',
                '-R', `${context.repo.owner}/${context.repo.repo}`
              ]);
              core.info(`Auto-merge enabled for #${process.env.PR_NUMBER}`);
            } catch (error) {
              core.error(`Failed to enable auto-merge: ${error.message}`);
              throw error;
            }