From 71b51746afa970d3bac7d335a4b822167ecc27ff Mon Sep 17 00:00:00 2001
From: Barrett Ruth <62671086+barrettruth@users.noreply.github.com>
Date: Tue, 3 Mar 2026 15:18:20 -0500
Subject: [PATCH] ci(digest): auto-approve digest PRs via PAT to satisfy review
 requirement (#46)

Problem: the main branch ruleset requires 1 approving review, which
blocks auto-merge. The GITHUB_TOKEN cannot approve its own PR.

Solution: after creating the PR, approve it using DIGEST_PAT (a
fine-grained PAT stored as a repo secret), then enable auto-merge.
The approval comes from a different actor than the bot, satisfying
require_last_push_approval.
---
 .github/workflows/upstream-digest.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/upstream-digest.yml b/.github/workflows/upstream-digest.yml
index f3482cc..bb7d8f7 100644
--- a/.github/workflows/upstream-digest.yml
+++ b/.github/workflows/upstream-digest.yml
@@ -43,5 +43,6 @@ jobs:
               --body "Automated weekly digest of new upstream activity. Triage by updating statuses and notes." \
               --base main \
               --head "${BRANCH}")
+            GH_TOKEN="${{ secrets.DIGEST_PAT }}" gh pr review "${PR_URL}" --approve
             gh pr merge "${PR_URL}" --auto --squash
           fi