fix(plugin-release): fallback to --admin when auto-merge is disabled (#173)

When MERGE_STATE is BLOCKED or UNKNOWN, the workflow attempts --auto
first. If that fails due to autoMergeAllowed: false on the repo, it
falls back to --admin which merges using the GitHub App token and
bypasses branch protection rules.

Resolves: PRI-497

Co-authored-by: Chris Farhood <chris@farhood.org>

.github/workflows/plugin-release.yaml

@@ -385,8 +385,22 @@ jobs:
           done
 
           if [ "$MERGE_STATE" = "BLOCKED" ] || [ "$MERGE_STATE" = "UNKNOWN" ]; then
-            echo "PR is $MERGE_STATE — enabling auto-merge (safe fallback, waits for branch protection checks)."
-            gh pr merge "$OPEN_PR" --auto --squash --delete-branch
+            echo "PR is $MERGE_STATE — attempting auto-merge (safe fallback, waits for branch protection checks)."
+            if gh pr merge "$OPEN_PR" --auto --squash --delete-branch 2>&1; then
+              echo "Auto-merge initiated successfully."
+            else
+              AUTO_MERGE_ERR=$?
+              # If --auto failed because auto-merge is disabled for this repo
+              # (autoMergeAllowed: false), fall back to --admin which merges
+              # regardless of branch protection rules. --admin requires GitHub
+              # App token, not GITHUB_TOKEN, so GH_TOKEN is already correct.
+              if gh pr merge "$OPEN_PR" --admin --squash --delete-branch 2>&1; then
+                echo "Auto-merge unavailable (autoMergeAllowed: false) — merged via --admin."
+              else
+                echo "::error::Both --auto and --admin merge failed. Exiting."
+                exit 1
+              fi
+            fi
           else
             echo "PR is $MERGE_STATE — merging directly."
             gh pr merge "$OPEN_PR" --squash --delete-branch