.forgejo/workflows/ci.yml

@@ -11,6 +11,8 @@ name: CI
 on:
   pull_request:
     branches: [dev, main]
+    # `labeled` : permet au job auto-merge de s'evaluer quand on pose le label.
+    types: [opened, synchronize, reopened, labeled]
   push:
     # dev/main : porte de merge. feat|fix|ci|refactor : feedback avant la PR.
     branches: [dev, main, 'feat/**', 'fix/**', 'ci/**', 'refactor/**']
@@ -80,3 +82,27 @@ jobs:
           else
             echo "PHPUnit skipped: no tests/ + phpunit.xml yet (activates in P2)"
           fi
+
+  auto-merge:
+    # Fusion automatique OPT-IN : poser le label `auto-merge` sur la PR.
+    # Ne s'execute que si les 3 checks passent (needs) ET si le label est present.
+    # Plus fiable que le merge_when_checks_succeed natif de Forgejo (qui ne se
+    # declenche pas toujours au passage au vert). Fusionne via l'API REST.
+    needs: [secret-scan, php-lint, static-tests]
+    if: github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'auto-merge')
+    runs-on: docker
+    steps:
+      - name: Install curl
+        run: apt-get update -qq && apt-get install -y -qq curl ca-certificates >/dev/null
+      - name: Merge PR (squash) once CI is green
+        run: |
+          API="${{ github.server_url }}/api/v1/repos/${{ github.repository }}"
+          PR="${{ github.event.pull_request.number }}"
+          code=$(curl -s -o /tmp/resp -w "%{http_code}" -X POST \
+            -H "Authorization: token ${{ secrets.FORGEJO_TOKEN }}" \
+            -H "Content-Type: application/json" \
+            -d '{"Do":"squash","delete_branch_after_merge":true}' \
+            "$API/pulls/$PR/merge")
+          echo "merge HTTP $code"; cat /tmp/resp || true; echo
+          [ "$code" = "200" ] || { echo "auto-merge failed (HTTP $code)"; exit 1; }
+          echo "PR #$PR merged."