From fcb48eff5ce1d4acdf427aa475cb64741d7d4f45 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Mon, 27 May 2024 23:08:39 +0200
Subject: [PATCH] actions: automerge: check when review happens after CI
 success

---
 actions/example-automerge/run.sh | 51 ++++++++++++++++++++++++++++----
 lib/api.sh                       | 40 +++++++++++++++++++++++++
 2 files changed, 85 insertions(+), 6 deletions(-)

diff --git a/actions/example-automerge/run.sh b/actions/example-automerge/run.sh
index e7f5395..2134dc4 100755
--- a/actions/example-automerge/run.sh
+++ b/actions/example-automerge/run.sh
@@ -5,32 +5,31 @@ trap "rm -fr $TMPDIR" EXIT
 source $EXAMPLE_DIR/../../lib/lib.sh
 
 api=$url/api/v1
+repo=root/example-automerge
 export d=/srv/example/automerge
 
-PROOF='some proof'
-
-function main() {
+function reset_automerge_pr() {
     #
     # repository with a pull_request event workflow that always succeeds
     #
     mkdir -p $d
 
+    forgejo-curl.sh api_json -X DELETE $api/repos/$repo >&/dev/null || true
     forgejo-test-helper.sh push_workflow actions/example-$example $url root example-$example setup-forgejo $token
 
-    local repo=root/example-automerge
-
     forgejo-curl.sh api_json -X DELETE $api/repos/$repo/actions/variables/SCRIPT >&/dev/null || true
     forgejo-curl.sh api_json -X POST --data-raw '{"value":"true"}' $api/repos/$repo/actions/variables/SCRIPT
 
     (
         cd $d
+	rm -fr example-automerge
         git clone $url/$repo
         cd example-automerge
         git checkout -b other
         git config user.email root@example.com
         git config user.name username
         touch file-unique-to-the-pr-branch
-        echo other $PROOF >>README
+        echo other >>README
         git add .
         git commit -m 'other change'
         git push --force -u origin other
@@ -51,6 +50,11 @@ function main() {
         echo pull request already merged although it should not be
         return 1
     fi
+}
+
+function verify_automerge_on_status_success() {
+    reset_automerge_pr
+    local pr=$(jq -r .number <$TMPDIR/pr.json)
     #
     # run the workflow
     #
@@ -66,4 +70,39 @@ function main() {
     fi
 }
 
+function verify_automerge_on_reviewer_approval() {
+    reset_automerge_pr
+    local pr=$(jq -r .number <$TMPDIR/pr.json)
+    #
+    # require at least one review for a PR to be merged
+    #
+    api_branch_protect $api $repo main
+    #
+    # run the workflow
+    #
+    forgejo-runner.sh run
+    local sha=$(api_branch_tip $api $repo other)
+    api_pr_wait_success $api $repo $sha
+    #
+    # approve the PR
+    #
+    local username=user1
+    api_user_create $api $username $username@example.com
+    api_user_make_admin $api $username
+    user_login $username
+    DOT=$API_TMPDIR/$username api_pr_approve $api $repo $pr
+    #
+    # verify the PR was automerged
+    #
+    if ! retry api_pr_is_merged $api $repo $pr; then
+        echo pull request is not automerged as expected
+        return 1
+    fi
+}
+
+function main() {
+    verify_automerge_on_status_success
+    verify_automerge_on_reviewer_approval
+}
+
 main
diff --git a/lib/api.sh b/lib/api.sh
index b58984a..03db36c 100644
--- a/lib/api.sh
+++ b/lib/api.sh
@@ -3,6 +3,29 @@
 # SPDX-License-Identifier: MIT
 
 API_TMPDIR=$(mktemp -d)
+: ${PASSWORD:=admin1234}
+
+function api_user_make_admin() {
+    local api="$1" username="$2"
+
+    forgejo-curl.sh api_json -X PATCH --data '{"admin":true}' $api/admin/users/$username
+}
+
+function api_user_create() {
+    local api="$1" username="$2" email="$3"
+    log_info "(re)create user $username"
+    forgejo-curl.sh api_json -X DELETE $api/admin/users/$username?purge=true >& /dev/null || true
+    forgejo-curl.sh api_json --data '{"username":"'$username'","email":"'$email'","password":"admin1234","must_change_password":false}' $api/admin/users
+}
+
+function user_login() {
+    local username=$1
+    (
+	export DOT=$API_TMPDIR/$username
+	forgejo-curl.sh logout
+	forgejo-curl.sh --user $username --password "admin1234" login http://${HOST_PORT}
+    )
+}
 
 function api_branch_tip() {
     local api="$1"
@@ -13,6 +36,23 @@ function api_branch_tip() {
     forgejo-curl.sh api_json $api/repos/$repo/branches/$branch | jq --raw-output .commit.id
 }
 
+function api_branch_protect() {
+    local api="$1"
+    local repo="$2"
+    local branch="$3"
+
+    forgejo-curl.sh api_json -X DELETE $api/repos/${repo}/branch_protections/$branch >&/dev/null || true
+    forgejo-curl.sh api_json --data '{"branch_name":"'$branch'","required_approvals":1}' $api/repos/${repo}/branch_protections
+}
+
+function api_pr_approve() {
+    local api="$1"
+    local repo="$2"
+    local pr="$3"
+
+    forgejo-curl.sh api_json --data '{"event":"APPROVED"}' $api/repos/${repo}/pulls/$pr/reviews
+}
+
 function api_pr_is_merged() {
     local api="$1"
     local repo="$2"