dependabot merger #445

	name: dependabot merger

	on:
	workflow_dispatch:
	schedule:
	- cron: '13 10 * * Tue' # trigger every Tuesday at 10:13, as our dependabot is configured to raise PRs every Tuesday at 8:00 a.m.

	env:
	DEPENDABOT_GROUPS: \|
	production-minor-patch group
	plugins group
	test group
	github-actions group
	jobs:
	review-prs:
	runs-on: ubuntu-latest
	permissions:
	contents: read # all write operations use app token
	steps:
	- name: Checkout
	uses: actions/checkout@v6

	- name: 'Create GitHub App Token'
	id: app-token
	uses: actions/create-github-app-token@v3
	with:
	client-id: ${{ secrets.SAP_CLOUD_SDK_BOT_CLIENT_ID }}
	private-key: ${{ secrets.SAP_CLOUD_SDK_BOT_PRIVATE_KEY }}
	owner: SAP
	repositories: cloud-sdk-java
	permission-contents: write
	permission-pull-requests: write

	- name: Approve and Merge PRs
	run: \|
	PRS=$(gh pr list --app "dependabot" --state "open" --json number,title)
	PR_NUMBERS=
	while IFS= read -r GROUP; do
	if [[ -z "$GROUP" ]]; then
	continue
	fi

	MATCHES=$(jq -r --arg group "$GROUP" '.[] \| select(.title \| contains($group)) \| .number' <<< "$PRS")
	echo "[DEBUG] Found PRs for group '$GROUP': '$MATCHES'"

	PR_NUMBERS="$MATCHES"$'\n'"$PR_NUMBERS"
	done <<< "${{ env.DEPENDABOT_GROUPS }}"
	echo "[DEBUG] Approving and Merging following PRs: '$PR_NUMBERS'"

	while IFS= read -r PR_NUMBER; do
	if [[ -z "$PR_NUMBER" ]]; then
	continue
	fi

	echo "[DEBUG] Approving and Merging PR #$PR_NUMBER"
	gh pr merge "$PR_NUMBER" --auto --squash
	gh pr review "$PR_NUMBER" --approve
	done <<< "$PR_NUMBERS"
	env:
	GH_TOKEN: ${{ steps.app-token.outputs.token }}

Provide feedback