From 6747ce10de172b84f0c88da75fe2ecac3ca1944b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristian=20Pallar=C3=A9s?=
Date: Thu, 2 Apr 2026 12:48:58 +0200
Subject: [PATCH] chore(ci): fix workflows
---
.github/workflows/audit-fix.yml | 66 ---------------------
.github/workflows/auto-approve-merge.yml | 31 ----------
.github/workflows/build.yml | 2 +-
.github/workflows/dependabot-auto-merge.yml | 21 ++++---
4 files changed, 14 insertions(+), 106 deletions(-)
delete mode 100644 .github/workflows/audit-fix.yml
delete mode 100644 .github/workflows/auto-approve-merge.yml
diff --git a/.github/workflows/audit-fix.yml b/.github/workflows/audit-fix.yml
deleted file mode 100644
index 4d82274..0000000
--- a/.github/workflows/audit-fix.yml
+++ /dev/null
@@ -1,66 +0,0 @@ -name: Audit fix - -on: - schedule: - - cron: '0 9 * * *' - workflow_dispatch: - -permissions: - contents: write - pull-requests: write - -jobs: - audit-fix: - name: Run npm audit fix and create pull request - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v5 - - - name: Setup Node - uses: actions/setup-node@v4 - with: - cache: npm - - - name: Install dependencies - run: npm ci - - - name: Run npm audit fix - run: | - npm audit 2>&1 > audit-report.txt || true - npm audit fix || npm audit fix --force || true - - - name: Create pull request - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GH_REPO: ${{ github.repository }} - run: | - if git diff --quiet; then - echo "No changes after npm audit fix, skipping PR creation" - exit 0 - fi - - BRANCH="npm-audit-fix-$(date +%Y%m%d-%H%M%S)" - git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" - git checkout -b "$BRANCH" - git add package.json package-lock.json - git commit -m "chore(deps): npm audit fix" - git push origin "$BRANCH" - - cat > pr-body.md << 'BODYEOF' - Automated security fixes via `npm audit fix`. - - ## Audit Report - - ``` - BODYEOF - cat audit-report.txt >> pr-body.md - echo '```' >> pr-body.md - - gh pr create \ - --title "chore(deps): npm audit fix" \ - --body-file pr-body.md \ - --label "audit: fix" \ - --base main \ - --head "$BRANCH" diff --git a/.github/workflows/auto-approve-merge.yml b/.github/workflows/auto-approve-merge.yml deleted file mode 100644 index f09bbc7..0000000 --- a/.github/workflows/auto-approve-merge.yml +++ /dev/null 
@@ -1,31 +0,0 @@ -name: Auto approve and merge - -on: - pull_request_target: - types: - - labeled - - opened - - synchronize - - reopened - - ready_for_review - -permissions: - contents: write - pull-requests: write - -jobs: - auto-merge: - name: Auto approve and merge - runs-on: ubuntu-latest - if: "github.actor == 'dependabot[bot]' || (github.event.pull_request.user.login == 'github-actions[bot]' && contains(github.event.pull_request.labels.*.name, 'audit: fix'))" - steps: - - name: Approve - run: gh pr review "$PR_NUMBER" --approve - env: - PR_NUMBER: ${{ github.event.number }} - GH_TOKEN: ${{ secrets.LOCALSTACK_BOT_TOKEN }} - - name: Enable auto-merge - run: gh pr merge "$PR_NUMBER" --auto --squash - env: - PR_NUMBER: ${{ github.event.number }} - GH_TOKEN: ${{ secrets.LOCALSTACK_BOT_TOKEN }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 386bbdc..b93899a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -24,7 +24,7 @@ jobs: - name: Install dependencies run: npm ci - - name: Lint + - name: Format run: npx biome ci . lint: diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index 7680b68..32d4d12 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -1,8 +1,13 @@ -name: Dependabot Auto-merge +name: Auto merge Dependabot pull requests on: - pull_request: - branches: ["main"] + pull_request_target: + types: + - labeled + - opened + - synchronize + - reopened + - ready_for_review permissions: contents: write 
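Review bot: The trigger change to `pull_request_target` in dependabot-auto-merge.yml drops the old `branches: ["main"]` filter and carries no comment on the trust model. Under this trigger the job runs in the base repository's context, with `contents: write` and access to repository secrets, for pull requests opened from forks as well, so it stays safe only while no step checks out or executes code from the PR head. I would keep the filter (`branches: ["main"]` under `pull_request_target:`) and add above the trigger `# pull_request_target: runs with base-repo secrets; never check out or run PR head code here`. The `permissions:` block continues outside this hunk.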
@@ -10,17 +15,17 @@ permissions: jobs: auto-merge: - name: Auto-merge dependabot pull requests + name: Auto merge Dependabot pull requests runs-on: ubuntu-latest if: github.actor == 'dependabot[bot]' steps: - name: Approve - run: gh pr review "$PR_URL" --approve --comment --body "Auto-approve Dependabot pull requests" + run: gh pr review "$PR_NUMBER" --approve env: - PR_URL: ${{ github.event.pull_request.html_url }} + PR_NUMBER: ${{ github.event.number }} GH_TOKEN: ${{ secrets.LOCALSTACK_BOT_TOKEN }} - name: Enable auto-merge - run: gh pr merge "$PR_URL" --auto --squash + run: gh pr merge "$PR_NUMBER" --auto --squash env: - PR_URL: ${{ github.event.pull_request.html_url }} + PR_NUMBER: ${{ github.event.number }} GH_TOKEN: ${{ secrets.LOCALSTACK_BOT_TOKEN }}
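Review bot: The unchanged guard `if: github.actor == 'dependabot[bot]'` is now the only check before `LOCALSTACK_BOT_TOKEN` approves and auto-merges under `pull_request_target`, and `github.actor` names the account that triggered the event, not the author of the pull request. Gating on the author is stricter: `if: github.event.pull_request.user.login == 'dependabot[bot]'`, optionally combined with `github.event.pull_request.head.repo.full_name == github.repository` so fork pull requests never qualify. Separately, the steps now pass a bare `$PR_NUMBER` to `gh`; as far as this hunk shows there is no checkout step and no `GH_REPO`, so `gh` may be unable to resolve the repository, and adding `GH_REPO: ${{ github.repository }}` to each `env:` would make that explicit.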