From 569a592741df48e289b51fcab85ab093335ccd9f Mon Sep 17 00:00:00 2001
From: John McLear <john@mclear.co.uk>
Date: Sun, 3 May 2026 06:22:13 +0100
Subject: [PATCH] ci: install Node 22 + trigger release after Dependabot
 Automerge

Two unrelated CI bugs landing together because they were blocking the
same job graph:

1. backend-tests.yml and frontend-tests.yml were running on the
   default ubuntu-latest Node (currently 20.20), but Etherpad core's
   bin/installDeps.sh requires Node 22+:

       ERROR: Your nodejs version "20.20" is too old. nodejs 22.0.x or higher is required.

   Add `actions/setup-node@v4` with `node-version: 22` to both jobs.

2. The release job (test-and-release.yml) wasn't firing after
   Dependabot auto-merges. GitHub suppresses on:push triggers when the
   push is authored by GITHUB_TOKEN (which is automerge-action's only
   available identity), so merged Dependabot PRs landed on main but
   nothing published to npm.

   Fix mirrors what shipped to the rest of the ether/* plugins:
   - automerge.yml gets `actions: write` permission and a
     `gh workflow run test-and-release.yml --ref <default branch>`
     step gated on `mergeResult == 'merged'` (so we don't dispatch a
     phantom release on every Dependabot Automerge invocation).
   - test-and-release.yml gains a `workflow_dispatch:` trigger so
     `gh workflow run` is allowed to fire it.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .github/workflows/automerge.yml        | 15 +++++++++++++++
 .github/workflows/backend-tests.yml    |  4 ++++
 .github/workflows/frontend-tests.yml   |  4 ++++
 .github/workflows/test-and-release.yml |  8 +++++++-
 4 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
index 8208c11..e2813b6 100644
--- a/.github/workflows/automerge.yml
+++ b/.github/workflows/automerge.yml
@@ -2,6 +2,12 @@ name: Dependabot Automerge
 permissions:
   contents: write
   pull-requests: write
+  # `actions: write` lets the post-merge step kick off Node.js Package on
+  # the default branch via `gh workflow run`. Without this, automerge'd
+  # PRs land on main but the on-push release job never fires (GitHub
+  # Actions intentionally suppresses on:push triggers when the push is
+  # authenticated with GITHUB_TOKEN).
+  actions: write
 on:
   workflow_run:
     workflows:
@@ -21,6 +27,7 @@ jobs:
         uses: actions/checkout@v6
 
       - name: Automerge
+        id: automerge
         uses: "pascalgn/automerge-action@v0.16.4"
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -28,3 +35,11 @@ jobs:
           MERGE_LABELS: ""
           MERGE_RETRY_SLEEP: "100000"
 
+      - name: Trigger release on default branch
+        # `pascalgn/automerge-action` exits 0 whether or not it merged. Skip
+        # the dispatch when nothing was actually merged so we don't kick a
+        # phantom release run on every Dependabot Automerge invocation.
+        if: steps.automerge.outputs.mergeResult == 'merged'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: gh workflow run test-and-release.yml --ref ${{ github.event.repository.default_branch }}
diff --git a/.github/workflows/backend-tests.yml b/.github/workflows/backend-tests.yml
index 9493d3f..28c75ab 100644
--- a/.github/workflows/backend-tests.yml
+++ b/.github/workflows/backend-tests.yml
@@ -26,6 +26,10 @@ jobs:
         with:
           repository: ether/etherpad-lite
           path: etherpad-lite
+      - uses: actions/setup-node@v4
+        name: Install Node.js
+        with:
+          node-version: 22
       - uses: pnpm/action-setup@v6
         name: Install pnpm
         with:
diff --git a/.github/workflows/frontend-tests.yml b/.github/workflows/frontend-tests.yml
index c8748dd..646c540 100644
--- a/.github/workflows/frontend-tests.yml
+++ b/.github/workflows/frontend-tests.yml
@@ -15,6 +15,10 @@ jobs:
         uses: actions/checkout@v6
         with:
           repository: ether/etherpad-lite
+      - uses: actions/setup-node@v4
+        name: Install Node.js
+        with:
+          node-version: 22
       - uses: pnpm/action-setup@v6
         name: Install pnpm
         with:
diff --git a/.github/workflows/test-and-release.yml b/.github/workflows/test-and-release.yml
index 85c8552..a93d38a 100644
--- a/.github/workflows/test-and-release.yml
+++ b/.github/workflows/test-and-release.yml
@@ -1,5 +1,11 @@
 name: Node.js Package
-on: [push]
+on:
+  push:
+  # Invoked by automerge.yml after a Dependabot PR is merged. GitHub
+  # Actions doesn't fire on:push when the push is authored by GITHUB_TOKEN
+  # (the automerge action's only available identity), so without this
+  # dispatch trigger the release job never runs after auto-merges.
+  workflow_dispatch:
 
 # id-token: write must be granted here so the reusable npmpublish workflow
 # can request an OIDC token for npm trusted publishing.