From c5eba2cf670347ca94c25dc7b4e47e052a26c564 Mon Sep 17 00:00:00 2001 From: "privilegedescalation-engineer[bot]" <269729446+privilegedescalation-engineer[bot]@users.noreply.github.com> Date: Mon, 11 May 2026 13:49:35 +0000 Subject: [PATCH] fix(plugin-release): fallback to --admin when auto-merge is disabled (#173) When MERGE_STATE is BLOCKED or UNKNOWN, the workflow attempts --auto first. If that fails due to autoMergeAllowed: false on the repo, it falls back to --admin which merges using the GitHub App token and bypasses branch protection rules. Resolves: PRI-497 Co-authored-by: Chris Farhood --- .github/workflows/plugin-release.yaml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/.github/workflows/plugin-release.yaml b/.github/workflows/plugin-release.yaml index 6fe96d9..6662a31 100644 --- a/.github/workflows/plugin-release.yaml +++ b/.github/workflows/plugin-release.yaml @@ -385,8 +385,22 @@ jobs: done if [ "$MERGE_STATE" = "BLOCKED" ] || [ "$MERGE_STATE" = "UNKNOWN" ]; then - echo "PR is $MERGE_STATE — enabling auto-merge (safe fallback, waits for branch protection checks)." - gh pr merge "$OPEN_PR" --auto --squash --delete-branch + echo "PR is $MERGE_STATE — attempting auto-merge (safe fallback, waits for branch protection checks)." + if gh pr merge "$OPEN_PR" --auto --squash --delete-branch 2>&1; then + echo "Auto-merge initiated successfully." + else + AUTO_MERGE_ERR=$? + # If --auto failed because auto-merge is disabled for this repo + # (autoMergeAllowed: false), fall back to --admin which merges + # regardless of branch protection rules. --admin requires GitHub + # App token, not GITHUB_TOKEN, so GH_TOKEN is already correct. + if gh pr merge "$OPEN_PR" --admin --squash --delete-branch 2>&1; then + echo "Auto-merge unavailable (autoMergeAllowed: false) — merged via --admin." + else + echo "::error::Both --auto and --admin merge failed. Exiting." + exit 1 + fi + fi else echo "PR is $MERGE_STATE — merging directly." gh pr merge "$OPEN_PR" --squash --delete-branch