Setup Auto Merge Forward Dependabot Commits Workflows

Issue gh-2865

Author: marcusdacoregio

.github/workflows/dependabot-auto-merge-forward.yml

@@ -0,0 +1,42 @@
+name: Auto Merge Forward Dependabot Commits
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: dependabot-auto-merge-forward
+
+jobs:
+  get-supported-branches:
+    uses: spring-io/spring-security-release-tools/.github/workflows/retrieve-spring-supported-versions.yml@actions-v1
+    with:
+      project: spring-session
+      type: oss
+      repository_name: spring-projects/spring-session
+
+  auto-merge-forward-dependabot:
+    name: Auto Merge Forward Dependabot Commits
+    runs-on: ubuntu-latest
+    needs: [get-supported-branches]
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
+      - name: Setup GitHub User
+        id: setup-gh-user
+        run: |
+          git config user.name 'github-actions[bot]'
+          git config user.email 'github-actions[bot]@users.noreply.github.com'
+      - name: Run Auto Merge Forward
+        id: run-auto-merge-forward
+        uses: spring-io/spring-security-release-tools/.github/actions/auto-merge-forward@actions-v1
+        with:
+          branches: ${{ needs.get-supported-branches.outputs.supported_versions }},main
+          from-author: dependabot[bot]

.github/workflows/merge-dependabot-pr.yml

@@ -0,0 +1,52 @@
+name: Merge Dependabot PR
+
+on: pull_request_target
+
+run-name: Merge Dependabot PR ${{ github.ref_name }}
+
+permissions: write-all
+
+jobs:
+  merge-dependabot-pr:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+
+      - uses: actions/checkout@v4
+        with:
+          show-progress: false
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 17
+
+      - name: Set Milestone to Dependabot Pull Request
+        id: set-milestone
+        run: |
+          if test -f pom.xml
+          then
+            CURRENT_VERSION=$(mvn help:evaluate -Dexpression="project.version" -q -DforceStdout)
+          else
+            CURRENT_VERSION=$(cat gradle.properties | sed -n '/^version=/ { s/^version=//;p }')
+          fi
+          export CANDIDATE_VERSION=${CURRENT_VERSION/-SNAPSHOT}
+          MILESTONE=$(gh api repos/$GITHUB_REPOSITORY/milestones --jq 'map(select(.due_on != null and (.title | startswith(env.CANDIDATE_VERSION)))) | .[0] | .title')
+          
+          if [ -z $MILESTONE ]
+          then
+            gh run cancel ${{ github.run_id }}
+            echo "::warning title=Cannot merge::No scheduled milestone for $CURRENT_VERSION version"
+          else
+            gh pr edit ${{ github.event.pull_request.number }} --milestone $MILESTONE
+            echo mergeEnabled=true >> $GITHUB_OUTPUT
+          fi
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Merge Dependabot pull request
+        if: steps.set-milestone.outputs.mergeEnabled
+        run: gh pr merge ${{ github.event.pull_request.number }} --auto --rebase
+        env:
+          GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}

.github/workflows/trigger-dependabot-auto-merge-forward.yml

@@ -0,0 +1,22 @@
+name: Trigger Dependabot Auto Merge Forward
+
+on:
+  push:
+    branches:
+      - '*.x'
+
+permissions: read-all
+
+jobs:
+  trigger-worflow:
+    name: Trigger Workflow
+    runs-on: ubuntu-latest
+    if: ${{ github.event.commits[0].author.username == 'dependabot[bot]' && github.repository == 'spring-projects/spring-session' }}
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@v4
+      - id: trigger
+        env:
+          GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
+        run: gh workflow run dependabot-auto-merge-forward.yml -r main