From 77a55d3205a29056e779020d69f7c118ec5b0c6d Mon Sep 17 00:00:00 2001
From: Michael Kubacki <michael.kubacki@microsoft.com>
Date: Wed, 7 Dec 2022 15:27:15 -0500
Subject: [PATCH] Add auto approval for auto merge

The auto merge process needs two reviews to meet Project Mu branch
protection policy requirements. This change auto approves dependency
update pull requests so they can be auto merged.

Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
---
 .github/workflows/AutoMerger.yml    | 22 ++++++++++++++++++++++
 .sync/workflows/leaf/auto-merge.yml |  1 +
 2 files changed, 23 insertions(+)

diff --git a/.github/workflows/AutoMerger.yml b/.github/workflows/AutoMerger.yml
index 175118ac..18464c1f 100644
--- a/.github/workflows/AutoMerger.yml
+++ b/.github/workflows/AutoMerger.yml
@@ -13,6 +13,27 @@ on:
   workflow_call:
 
 jobs:
+  bot_approval:
+    name: Bot Approval
+    if: |
+      github.event_name == 'pull_request_target' &&
+      github.event.action == 'opened' &&
+      (github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'uefibot')
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+
+    steps:
+      - uses: hmarr/auto-approve-action@v3
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          review-message: "🤖 auto approved a ${{ github.event.pull_request.user.login }} PR."
+
+      - uses: hmarr/auto-approve-action@v3
+        with:
+          github-token: ${{ secrets.MU_BOT_AUTO_MERGE }}
+          review-message: "🤖 auto approved a ${{ github.event.pull_request.user.login }} PR."
+
   auto_merge:
     name: Merge
     runs-on: ubuntu-latest
@@ -29,6 +50,7 @@ jobs:
         uses: pascalgn/automerge-action@v0.15.5
         env:
           GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          MERGE_ERROR_FAIL: "false"     # Do not fail if an auto merge couldn't happen
           MERGE_FILTER_AUTHOR: "${{ matrix.author }}"
           MERGE_FORKS: "false"          # dependabot and uefibot come from local repo branches - forks not needed
           MERGE_LABELS: "!state:duplicate,!state:invalid,!state:needs-maintainer-feedback,!state:needs-submitter-info,!state:under-discussion,!state:wont-fix,!type:notes,!type:question"
diff --git a/.sync/workflows/leaf/auto-merge.yml b/.sync/workflows/leaf/auto-merge.yml
index 9fc3947b..d2b93a49 100644
--- a/.sync/workflows/leaf/auto-merge.yml
+++ b/.sync/workflows/leaf/auto-merge.yml
@@ -39,3 +39,4 @@ on:
 jobs:
   merge_check:
     uses: microsoft/mu_devops/.github/workflows/AutoMerger.yml@{{ sync_version.mu_devops }}
+    secrets: inherit