
configure-argocd-automerge skill

/configure-plugin/skills/configure-argocd-automerge

This skill configures a GitHub Actions auto-merge workflow for ArgoCD Image Updater branches to automate PR creation and merging.

npx playbooks add skill laurigates/claude-plugins --skill configure-argocd-automerge

Review the files below or copy the command above to add this skill to your agents.

SKILL.md
---
model: haiku
created: 2026-02-03
modified: 2026-02-13
reviewed: 2026-02-03
description: Configure auto-merge workflow for ArgoCD Image Updater branches
allowed-tools: Glob, Grep, Read, Write, Edit, TodoWrite
argument-hint: "[--check-only] [--fix]"
name: configure-argocd-automerge
---

# /configure:argocd-automerge

Configure GitHub Actions workflow to automatically create and merge PRs from ArgoCD Image Updater branches.

## When to Use This Skill

| Use this skill when... | Use another approach when... |
|------------------------|------------------------------|
| Setting up auto-merge for ArgoCD Image Updater branches | Configuring ArgoCD application definitions |
| Checking if `image-updater-**` branches have auto-merge | Managing general GitHub Actions workflows (`/configure:workflows`) |
| Creating the `argocd-automerge.yml` workflow from scratch | Setting up container builds (`/configure:container`) |
| Verifying PAT and permissions for auto-merge workflows | Configuring branch protection rules manually |
| Updating an existing ArgoCD auto-merge workflow | Configuring Kubernetes deployments (`/configure:skaffold`) |

## Context

- Workflows dir: !`test -d .github/workflows && echo "EXISTS" || echo "MISSING"`
- Existing automerge workflow: !`find .github/workflows -maxdepth 1 \( -name '*argocd*automerge*' -o -name '*automerge*argocd*' \) 2>/dev/null`
- Image updater branches: !`git branch -r --list 'origin/image-updater-*' 2>/dev/null`
- Auto-merge workflow: !`find .github/workflows -maxdepth 1 -name 'argocd-automerge.yml' 2>/dev/null`

## Parameters

Parse from command arguments:

- `--check-only`: Report status without offering fixes
- `--fix`: Create or update workflow automatically

## Execution

Execute this ArgoCD auto-merge workflow configuration:

### Step 1: Detect existing workflow

1. Check for `.github/workflows/` directory
2. Search for existing ArgoCD auto-merge workflow files
3. Check for `image-updater-**` branch pattern handling in any workflow

### Step 2: Check compliance

Validate the workflow against these standards:

| Check | Standard | Severity |
|-------|----------|----------|
| Workflow exists | argocd-automerge.yml | FAIL if missing |
| checkout action | v4 | WARN if older |
| Permissions | contents: write, pull-requests: write | FAIL if missing |
| Branch pattern | `image-updater-**` | WARN if different |
| Auto-merge | squash merge | INFO |

### Step 3: Report results

Print a status report:

```
ArgoCD Auto-merge Workflow Status
======================================
Workflow: .github/workflows/argocd-automerge.yml

Status:
  Workflow exists     [PASS|FAIL]
  checkout action     [version]         [PASS|WARN]
  Permissions         [explicit|missing] [PASS|FAIL]
  Branch pattern      [pattern]         [PASS|WARN]
  Auto-merge          [strategy]        [PASS|INFO]

Overall: [PASS|FAIL|WARN]
```

If `--check-only`, stop here.
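
The check-only path of Steps 1 to 3, as an added shell example (not part of the skill or the original page): a grep-based audit that approximates the Step 2 table without parsing YAML. The function names `row` and `audit_automerge_workflow` and the sample workflow are constructed for illustration.

```sh
#!/bin/sh
# Added example: grep-based approximation of the Step 2 checks (names are hypothetical).
# Print one report row and fold its status into OVERALL (FAIL > WARN > PASS; INFO is neutral).
row() {
  printf '  %-19s %-18s [%s]\n' "$1" "$2" "$3"
  case "$3" in
    FAIL) OVERALL=FAIL ;;
    WARN) [ "$OVERALL" = FAIL ] || OVERALL=WARN ;;
  esac
}

audit_automerge_workflow() {
  wf=$1; OVERALL=PASS
  if [ ! -f "$wf" ]; then row "Workflow exists" "missing" FAIL; return 0; fi
  row "Workflow exists" "found" PASS
  # checkout action: major version 4 or newer passes, anything else warns
  ver=$(grep -Eo 'actions/checkout@v[0-9]+' "$wf" | head -n 1 | sed 's/.*@v//')
  if [ "${ver:-0}" -ge 4 ]; then row "checkout action" "v$ver" PASS
  else row "checkout action" "${ver:+v}${ver:-unknown}" WARN; fi
  # permissions: both write scopes must be declared explicitly
  if grep -Eq '^[[:space:]]*contents:[[:space:]]*write' "$wf" &&
     grep -Eq '^[[:space:]]*pull-requests:[[:space:]]*write' "$wf"
  then row "Permissions" "explicit" PASS
  else row "Permissions" "missing" FAIL; fi
  # branch pattern: the trigger should name image-updater-** literally
  if grep -Fq "image-updater-**" "$wf"; then row "Branch pattern" "image-updater-**" PASS
  else row "Branch pattern" "different" WARN; fi
  # auto-merge: squash is the standard, other strategies are informational
  if grep -Eq 'gh pr merge .*--squash' "$wf"; then row "Auto-merge" "squash" PASS
  else row "Auto-merge" "not squash" INFO; fi
  echo "Overall: $OVERALL"
}

# Constructed sample: old checkout, no pull-requests permission, merge-commit strategy.
sample=$(mktemp)
cat > "$sample" <<'EOF'
on:
  push:
    branches: ['image-updater-**']
permissions:
  contents: write
jobs:
  create-and-merge:
    steps:
      - uses: actions/checkout@v3
      - run: gh pr merge --auto --merge "$BRANCH"
EOF
audit_automerge_workflow "$sample"
rm -f "$sample"
```

The overall result is left in the `OVERALL` variable, so call the function directly rather than inside `$(...)` if you want to read it afterwards.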

### Step 4: Configure workflow (if requested)

If `--fix` flag is set or user confirms, create or update `.github/workflows/argocd-automerge.yml` with the standard template:

```yaml
name: Auto-merge ArgoCD Image Updater branches

on:
  push:
    branches:
      - 'image-updater-**'

permissions:
  contents: write
  pull-requests: write

jobs:
  create-and-merge:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Create Pull Request
        id: create-pr
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Pass the branch name through the environment instead of expanding
          # the expression inside the script, so the shell treats it as data.
          BRANCH: ${{ github.ref_name }}
        run: |
          PR_URL=$(gh pr create \
            --base main \
            --head "$BRANCH" \
            --title "chore(deps): update container image" \
            --body "Automated image update by argocd-image-updater.

          Branch: \`$BRANCH\`" \
            2>&1) || true

          # Check if PR already exists
          if echo "$PR_URL" | grep -q "already exists"; then
            PR_URL=$(gh pr view "$BRANCH" --json url -q .url)
          fi

          echo "pr_url=$PR_URL" >> "$GITHUB_OUTPUT"
          echo "Created/found PR: $PR_URL"

      - name: Approve PR
        env:
          GH_TOKEN: ${{ secrets.AUTO_MERGE_PAT || secrets.GITHUB_TOKEN }}
          BRANCH: ${{ github.ref_name }}
        run: gh pr review --approve "$BRANCH"
        continue-on-error: true

      - name: Enable auto-merge
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          BRANCH: ${{ github.ref_name }}
        run: gh pr merge --auto --squash "$BRANCH"
```

## Configuration Notes

### Self-Approval

GitHub prevents workflows from approving their own PRs with `GITHUB_TOKEN`. Options:

| Approach | Setup | Notes |
|----------|-------|-------|
| `AUTO_MERGE_PAT` | Create PAT with `repo` scope, add as secret | Recommended for full automation |
| Skip approval | Remove approve step | Requires manual approval or CODEOWNERS bypass |
| Bot account | Use separate bot user's PAT | Enterprise approach |

### Branch Protection

Ensure branch protection allows:
- Auto-merge when checks pass
- Bypass for the workflow (if using CODEOWNERS)

### Customization

| Setting | Default | Alternatives |
|---------|---------|--------------|
| Base branch | `main` | `master`, `develop` |
| Merge strategy | `--squash` | `--merge`, `--rebase` |
| PR title | `chore(deps): update container image` | Custom format |

## Agentic Optimizations

| Context | Command |
|---------|---------|
| Quick status check | `/configure:argocd-automerge --check-only` |
| Auto-create workflow | `/configure:argocd-automerge --fix` |
| List image-updater branches | `git branch -r --list 'origin/image-updater-*'` |
| Verify workflow exists | `find .github/workflows -name '*argocd*automerge*' 2>/dev/null` |

## Flags

| Flag | Description |
|------|-------------|
| `--check-only` | Report status without offering fixes |
| `--fix` | Create/update workflow automatically |

## See Also

- `/configure:workflows` - GitHub Actions CI/CD workflows
- `/configure:container` - Container infrastructure
- `ci-workflows` skill - Workflow patterns

Overview

This skill configures a GitHub Actions workflow to automatically create and merge pull requests produced by ArgoCD Image Updater branches. It checks repository state, validates workflow settings and permissions, and can create or update a standard argocd-automerge.yml workflow. Use it to enforce consistent auto-merge behavior for image-update branches and to remediate common configuration gaps.

How this skill works

The skill scans .github/workflows for an existing argocd-automerge workflow and lists remote branches matching image-updater-**. It validates required settings: actions/checkout@v4, explicit write permissions for contents and pull-requests, branch pattern handling, and a squash auto-merge strategy. With the --fix flag it writes or updates .github/workflows/argocd-automerge.yml using a tested template and optional PAT handling for self-approval.

When to use it

  • You need auto-merge for branches created by ArgoCD Image Updater
  • Auditing repo for an argocd-automerge workflow or compliance issues
  • You want an automated fix to create/update the workflow (--fix)
  • You want a non-destructive check-only status report (--check-only)
  • Verifying GitHub token or PAT setup for automated approvals

Best practices

  • Run the skill with --check-only first to inspect current state before making changes
  • Prefer a separate AUTO_MERGE_PAT secret with repo scope to allow self-approval
  • Ensure branch protection allows auto-merge when checks pass or provide bypass for the workflow
  • Use actions/checkout@v4 and explicit permissions (contents: write, pull-requests: write) to avoid failures
  • Customize base branch and merge strategy in the template to match your repo policy

Example use cases

  • Quick status: detect missing workflow and permission gaps with --check-only
  • Fix mode: automatically create argocd-automerge.yml and commit standard workflow with --fix
  • CI review: validate checkout action version and permission declarations during audits
  • Ops: add AUTO_MERGE_PAT secret and enable bot-based approvals for fully automated merges
  • Maintenance: switch merge strategy from merge/rebase to squash across repos

FAQ

What does --check-only do?

It reports workflow presence and configuration against standards without changing files.

Why use a PAT instead of GITHUB_TOKEN?

GITHUB_TOKEN cannot approve or merge PRs created by the same workflow; a PAT with repo scope allows self-approval and full automation.