fix: update auto-merge workflow triggers and bot username

[christineschen]

• Add 'opened' trigger to catch PRs when bot immediately applies label
• Fix bot username from github-actions[bot] to app/github-actions
  This enables the auto-merge workflow to work with Speakeasy SDK generation PRs.

Changes

1. Added 'opened' trigger (line 8): The bot applies labels during PR creation, which doesn't fire a separate "labeled" event. Adding "opened" ensures the workflow triggers when Speakeasy creates the PR.
2. Fixed bot username (lines 21-22): Changed from github-actions[bot] to app/github-actions to match the actual bot username used by GitHub Actions.

Testing

Once merged, the next Speakeasy SDK generation will automatically:

• Create a PR
• Apply the 'patch' label
• Trigger this workflow
• Auto-merge the PR

[perry-the-pr-reviewer]

Perry's Review

Adds the opened event trigger to the auto-merge workflow and corrects the bot-actor username check from github-actions[bot] to app/github-actions.

Verdict: 🔁 Needs changes

Details

Risk: 🟢 Low

CI: all passing ✅

Findings (see inline comments for full context):

• 🔴 .github/workflows/auto-merge-speakeasy-pr.yaml:8 — opened trigger is dead code: github.event.label.name is null on opened events so the job if: always returns false

Codex: skipped (trivial tier)

Research: skipped (trivial tier)

Security: category 7 (auth/authz) TOUCHED — if: condition identity checks updated; bot username correction is appropriate; no exploitable gaps introduced.

Test coverage: no automated test coverage for CI workflow logic (expected).

Unresolved threads: none

Review metadata

Scope: first review (full)
Review: tier=trivial · model=claude-sonnet-latest · score=0.1

[perry-the-pr-reviewer]

[blocker] opened trigger added but the job if: condition always returns false on opened events — making this trigger a no-op

Details

Why: The job's if: block ends with:

contains(fromJSON('["patch", "minor", "major"]'), github.event.label.name)

On an opened event, github.event.label is not set — github.event.label.name evaluates to an empty string "". contains(["patch","minor","major"], "") returns false in GitHub Actions expressions, so the entire if: condition short-circuits to false regardless of the other predicates. The workflow step runs (triggering a runner), but the auto-merge job is immediately skipped — the opened trigger achieves nothing.

According to the GitHub docs, when Speakeasy opens a PR and immediately applies a label via the API, GitHub fires both pull_request.opened AND pull_request.labeled events. So the original labeled-only trigger should already be sufficient if the label is applied before or shortly after PR creation. If there is a race condition where the workflow is not yet registered by the time the labeled event fires (e.g. the repo was empty), the right fix is to add a label check that works for opened too — not just adding the trigger.

Fix options:

1. Remove the opened trigger (revert this hunk) if labeled reliably fires for Speakeasy PRs — the bot-username fix on lines 21–22 is still correct and useful.
2. If a race condition is confirmed, restructure the if: to branch on event type:

if: |
  (github.event.sender.login == 'app/github-actions') &&
  (github.event.pull_request.user.login == 'app/github-actions') &&
  startsWith(github.event.pull_request.head.ref, 'speakeasy-sdk-regen-') &&
  contains(github.event.pull_request.title, '🐝 Update SDK') &&
  (
    (github.event_name == 'pull_request' && github.event.action == 'labeled' &&
     contains(fromJSON('["patch", "minor", "major"]'), github.event.label.name)) ||
    (github.event_name == 'pull_request' && github.event.action == 'opened' &&
     contains(fromJSON('["patch", "minor", "major"]'), join(github.event.pull_request.labels.*.name, ',')))
  )

Ref: GitHub Actions — pull_request event payload

Prompt for agents

In `.github/workflows/auto-merge-speakeasy-pr.yaml` line 8, the `opened` trigger was added but the job's `if:` condition at line 21 ends with `contains(fromJSON('["patch", "minor", "major"]'), github.event.label.name)`. On the `opened` event, `github.event.label` is absent, so `github.event.label.name` is an empty string and `contains` returns false — the `auto-merge` job never runs on `opened` events. Either (a) remove `opened` from `types` if the `labeled` event already fires reliably for Speakeasy PRs, or (b) restructure the `if:` condition to check `github.event.pull_request.labels.*.name` (the full label list) when the event action is `opened`, and `github.event.label.name` (the just-applied label) only when the action is `labeled`.

Reviewed at c34ce15

Superseded by updated Perry review

[perry-the-pr-reviewer]

⚠️ APPROVE unavailable on this installation — the maintainer GitHub App does not have pull_requests: write on OpenRouterTeam, so the verdict below is posted as COMMENT. Event-level approval (for branch-protection / review requirements) must be added out-of-band.

Perry's Review

Adds a proper opened-event branch to the auto-merge job condition so the workflow actually runs when Speakeasy's bot opens a PR with version labels already applied.

Verdict: ✅ LGTM

Details

Risk: 🟡 Medium — behavioural change to auto-merge workflow trigger

CI: no CI checks present

Findings: none

Research: n/a (trivial tier — no deep research)

Security: no concerns — workflow only fires for commits from Speakeasy bot with speakeasy-sdk-regen- branch prefix and 🐝 Update SDK title

Test coverage: n/a (GitHub Actions workflow)

Unresolved threads: prior blocker at c34ce15 (opened trigger was a no-op) resolved by this commit's branched if: condition

Scope: incremental — 8 new lines since prior review
Review: tier=trivial · model=claude-sonnet-latest · score=?