From a32ed8ca4e8dfa66ae6c945a59297ba4b5471c19 Mon Sep 17 00:00:00 2001
From: Arash
Date: Mon, 16 Mar 2026 17:08:27 +0100
Subject: [PATCH 1/3] Add auto-merge bot workflow for successful PRs
---
.github/workflows/auto-merge-bot.yaml | 52 +++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 .github/workflows/auto-merge-bot.yaml
diff --git a/.github/workflows/auto-merge-bot.yaml b/.github/workflows/auto-merge-bot.yaml
new file mode 100644
index 000000000..156a4ba6c
--- /dev/null
+++ b/.github/workflows/auto-merge-bot.yaml
@@ -0,0 +1,52 @@
+name: Auto-merge bot PRs
+
+on:
+ workflow_run:
+ workflows:
+ - "Build image"
+ types:
+ - completed
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ auto-merge:
+ if: >
+ github.event.workflow_run.conclusion == 'success' &&
+ github.event.workflow_run.event == 'pull_request'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Find and merge bot PR
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ REPO: ${{ github.repository }}
+ HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
+ run: |
+ PR_NUMBER=$(gh pr list \
+ --repo "$REPO" \
+ --state open \
+ --json number,headRefOid \
+ --jq ".[] | select(.headRefOid == \"$HEAD_SHA\") | .number")
+
+ if [ -z "$PR_NUMBER" ]; then
+ echo "No open PR found for sha $HEAD_SHA — skipping."
+ exit 0
+ fi
+
+ AUTHOR=$(gh pr view "$PR_NUMBER" \
+ --repo "$REPO" \
+ --json author \
+ --jq '.author.login')
+
+ if [ "$AUTHOR" != "dockerhub-toolshed" ]; then
+ echo "PR #$PR_NUMBER author is '$AUTHOR', not 'dockerhub-toolshed' — skipping."
+ exit 0
+ fi
+
+ echo "Merging PR #$PR_NUMBER from $AUTHOR"
+ gh pr merge "$PR_NUMBER" \
+ --repo "$REPO" \
+ --merge \
+ --delete-branch
From b2e3702dd584c5d3e7e480cd06de189d2c092b7d Mon Sep 17 00:00:00 2001
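Review bot: The merge in the `run:` script is not pinned to the commit that the "Build image" run tested. The PR is looked up by `HEAD_SHA`, but `gh pr merge "$PR_NUMBER"` merges whatever the head is at that moment, so a push landing between the build finishing and this job running would be merged without having been built. Adding `--match-head-commit "$HEAD_SHA" \` to the `gh pr merge` call closes that gap. The lookup can also yield more than one number when two open PRs share a head commit, and `gh pr list` returns only its default number of results; passing `--author dockerhub-toolshed` and failing on anything other than exactly one match would keep the later `gh pr view` call well defined.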
From: Arash Date: Tue, 17 Mar 2026 10:42:50 +0100 Subject: [PATCH 2/3] Refactor auto-merge bot workflow to trigger on pull request events and simplify merging logic --- .github/workflows/auto-merge-bot.yaml | 52 ++++----------------------- 1 file changed, 7 insertions(+), 45 deletions(-) diff --git a/.github/workflows/auto-merge-bot.yaml b/.github/workflows/auto-merge-bot.yaml index 156a4ba6c..79ee4b18f 100644 --- a/.github/workflows/auto-merge-bot.yaml +++ b/.github/workflows/auto-merge-bot.yaml @@ -1,52 +1,14 @@ name: Auto-merge bot PRs on: - workflow_run: - workflows: - - "Build image" - types: - - completed - -permissions: - contents: write - pull-requests: write + pull_request_target: + types: [opened, synchronize, reopened] jobs: - auto-merge: - if: > - github.event.workflow_run.conclusion == 'success' && - github.event.workflow_run.event == 'pull_request' + automerge: runs-on: ubuntu-latest steps: - - name: Find and merge bot PR - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - REPO: ${{ github.repository }} - HEAD_SHA: ${{ github.event.workflow_run.head_sha }} - run: | - PR_NUMBER=$(gh pr list \ - --repo "$REPO" \ - --state open \ - --json number,headRefOid \ - --jq ".[] | select(.headRefOid == \"$HEAD_SHA\") | .number") - - if [ -z "$PR_NUMBER" ]; then - echo "No open PR found for sha $HEAD_SHA — skipping." - exit 0 - fi - - AUTHOR=$(gh pr view "$PR_NUMBER" \ - --repo "$REPO" \ - --json author \ - --jq '.author.login') - - if [ "$AUTHOR" != "dockerhub-toolshed" ]; then - echo "PR #$PR_NUMBER author is '$AUTHOR', not 'dockerhub-toolshed' — skipping." - exit 0 - fi - - echo "Merging PR #$PR_NUMBER from $AUTHOR" - gh pr merge "$PR_NUMBER" \ - --repo "$REPO" \ - --merge \ - --delete-branch + - uses: daneden/enable-automerge-action@v1 + with: + github-token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} + allowed-author: "dockerhub-toolshed" From 55656e06cf81576a71acc983cbb051879321d4a2 Mon Sep 17 00:00:00 2001 
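Review bot: The `automerge` job has no `if:` guard, so under `pull_request_target` the step holding `secrets.PERSONAL_ACCESS_TOKEN` runs for every opened or updated PR, including ones from forks, and the only author check is the `allowed-author` input inside the third-party action. A job-level `if: github.event.pull_request.user.login == 'dockerhub-toolshed'` keeps the secret out of runs for other authors, and pinning `daneden/enable-automerge-action` to a full commit SHA instead of `@v1` stops a moved tag from changing which code receives the token. The hunk also drops the explicit `permissions:` block, so the job's `GITHUB_TOKEN` falls back to the repository default; `permissions: {}` would state that only the passed-in token is needed. The same unguarded job is kept in PATCH 3/3, where the secret becomes the App private key. The explicit "Build image" success condition is removed as well, so merging presumably now depends on required status checks in branch protection, which is worth confirming.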
From: Arash Date: Thu, 19 Mar 2026 11:36:52 +0100 Subject: [PATCH 3/3] Update auto-merge bot to use GitHub app token for authentication --- .github/workflows/auto-merge-bot.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/auto-merge-bot.yaml b/.github/workflows/auto-merge-bot.yaml index 79ee4b18f..ec1b2b702 100644 --- a/.github/workflows/auto-merge-bot.yaml +++ b/.github/workflows/auto-merge-bot.yaml @@ -8,7 +8,13 @@ jobs: automerge: runs-on: ubuntu-latest steps: + - uses: actions/create-github-app-token@v3 + id: app-token + with: + app-id: 3114451 + private-key: ${{ secrets.APP_PRIVATE_KEY }} + - uses: daneden/enable-automerge-action@v1 with: - github-token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} + github-token: ${{ steps.app-token.outputs.token }} allowed-author: "dockerhub-toolshed"
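Review bot: The token minted by `actions/create-github-app-token` is not narrowed, so it carries every permission the App installation was granted and is then handed to `daneden/enable-automerge-action@v1`. The action's `permission-<name>` inputs can restrict it, for example `permission-contents: write` and `permission-pull-requests: write` under `with:`; the exact set that enabling auto-merge needs should be confirmed. A short comment above the step, such as `# Short-lived installation token for the auto-merge App; scoped to this repository`, would also record why the numeric `app-id` is hard-coded. The `on:` block and the top of the file are outside this hunk.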