configure-plugin/skills/configure-argocd-automerge/SKILL.md
ArgoCD auto-merge: configure GitHub Actions for image-updater-** branches. Use when setting up argocd-automerge.yml or verifying PAT permissions.
Configure GitHub Actions workflow to automatically create and merge PRs from ArgoCD Image Updater branches.
| Use this skill when... | Use another approach when... |
|------------------------|------------------------------|
| Setting up auto-merge for ArgoCD Image Updater branches | Configuring ArgoCD application definitions |
| Checking if image-updater-** branches have auto-merge | Managing general GitHub Actions workflows (/configure:workflows) |
| Creating the argocd-automerge.yml workflow from scratch | Setting up container builds (/configure:container) |
| Verifying PAT and permissions for auto-merge workflows | Configuring branch protection rules manually |
| Updating an existing ArgoCD auto-merge workflow | Configuring Kubernetes deployments (/configure:skaffold) |
```sh
# Does the workflows directory exist? (-name cannot match a path containing '/')
find .github -maxdepth 1 -type d -name 'workflows'
# Any existing ArgoCD auto-merge workflow, whatever its exact file name
find .github/workflows -maxdepth 1 \( -name '*argocd*automerge*' -o -name '*automerge*argocd*' \)
# Remote branches pushed by ArgoCD Image Updater
git branch -r --list 'origin/image-updater-*'
# The standard workflow file
find .github/workflows -maxdepth 1 -name 'argocd-automerge.yml'
```

Parse from command arguments:

- --check-only: Report status without offering fixes
- --fix: Create or update workflow automatically

Execute this ArgoCD auto-merge workflow configuration:

- .github/workflows/ directory
- image-updater-** branch pattern handling in any workflow

Validate the workflow against these standards:
| Check | Standard | Severity |
|-------|----------|----------|
| Workflow exists | argocd-automerge.yml | FAIL if missing |
| checkout action | v6 | WARN if older |
| Permissions | contents: write, pull-requests: write | FAIL if missing |
| Branch pattern | image-updater-** | WARN if different |
| Auto-merge | squash merge | INFO |
Print a status report:
```
ArgoCD Auto-merge Workflow Status
======================================
Workflow: .github/workflows/argocd-automerge.yml

Status:
  Workflow exists                          [PASS|FAIL]
  checkout action     [version]            [PASS|WARN]
  Permissions         [explicit|missing]   [PASS|FAIL]
  Branch pattern      [pattern]            [PASS|WARN]
  Auto-merge          [strategy]           [PASS|INFO]

Overall: [PASS|FAIL|WARN]
```
If --check-only, stop here.
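The checks from the validation table, sketched as a POSIX shell function. This is an added example, not part of the original skill: `check_workflow` and `report` are hypothetical names, the sample workflow is constructed, and matching is grep-based rather than a real YAML parse.

```shell
#!/bin/sh
# Added example: grep heuristics for the validation table, not a YAML parser.
check_workflow() {   # usage: check_workflow PATH; returns 1 when Overall is FAIL
  wf=$1 overall=PASS
  report() {         # report CHECK DETAIL STATUS; FAIL outranks WARN outranks PASS
    printf '%-16s %-10s %s\n' "$1" "$2" "$3"
    case $3 in
      FAIL) overall=FAIL ;;
      WARN) [ "$overall" = FAIL ] || overall=WARN ;;
    esac
  }
  if [ ! -f "$wf" ]; then
    report 'Workflow exists' - FAIL; echo 'Overall: FAIL'; return 1
  fi
  report 'Workflow exists' - PASS

  # Major version of actions/checkout; a SHA-pinned ref reports as "unknown".
  ver=$(sed -n 's/.*actions\/checkout@v\([0-9][0-9]*\).*/\1/p' "$wf" | head -n 1)
  if [ "${ver:-0}" -ge 6 ]; then report 'checkout action' "v$ver" PASS
  else report 'checkout action' "${ver:+v}${ver:-unknown}" WARN; fi

  # Both write scopes must be declared explicitly.
  if grep -Eq '^[[:space:]]*contents:[[:space:]]*write' "$wf" &&
     grep -Eq '^[[:space:]]*pull-requests:[[:space:]]*write' "$wf"
  then report 'Permissions' explicit PASS
  else report 'Permissions' missing FAIL; fi

  if grep -Fq -- 'image-updater-**' "$wf"
  then report 'Branch pattern' 'image-updater-**' PASS
  else report 'Branch pattern' other WARN; fi

  strategy=$(grep 'gh pr merge' "$wf" | grep -Eo -- '--(squash|merge|rebase)' | head -n 1)
  if [ "$strategy" = --squash ]; then report 'Auto-merge' squash PASS
  else report 'Auto-merge' "${strategy:-none}" INFO; fi

  echo "Overall: $overall"
  [ "$overall" != FAIL ]
}

# Constructed sample: older checkout and no pull-requests permission.
sample=$(mktemp)
printf '%s\n' 'on:' '  push:' "    branches: ['image-updater-**']" \
  'permissions:' '  contents: write' 'jobs:' '  m:' '    steps:' \
  '      - uses: actions/checkout@v4' \
  '      - run: gh pr merge --auto --squash "$BRANCH"' > "$sample"
check_workflow "$sample" || echo "workflow needs fixing"
```

The constructed sample ends with `Overall: FAIL` because `pull-requests: write` is absent; the older checkout version alone would only produce WARN.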
If --fix flag is set or user confirms, create or update .github/workflows/argocd-automerge.yml with the standard template:
```yaml
name: Auto-merge ArgoCD Image Updater branches

on:
  push:
    branches:
      - 'image-updater-**'

permissions:
  contents: write
  pull-requests: write

jobs:
  create-and-merge:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6

      - name: Create Pull Request
        id: create-pr
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Pass the branch name through the environment instead of expanding
          # it inside the script, so shell metacharacters in a branch name
          # are treated as data, not code.
          BRANCH: ${{ github.ref_name }}
        run: |
          PR_URL=$(gh pr create \
            --base main \
            --head "$BRANCH" \
            --title "chore(deps): update container image" \
            --body "Automated image update by argocd-image-updater.
          Branch: \`$BRANCH\`" \
            2>&1) || true
          # Check if PR already exists
          if echo "$PR_URL" | grep -q "already exists"; then
            PR_URL=$(gh pr view "$BRANCH" --json url -q .url)
          fi
          echo "pr_url=$PR_URL" >> "$GITHUB_OUTPUT"
          echo "Created/found PR: $PR_URL"

      - name: Approve PR
        env:
          # Falls back to GITHUB_TOKEN when no PAT secret is configured
          GH_TOKEN: ${{ secrets.AUTO_MERGE_PAT || secrets.GITHUB_TOKEN }}
          BRANCH: ${{ github.ref_name }}
        run: gh pr review --approve "$BRANCH"
        continue-on-error: true

      - name: Enable auto-merge
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          BRANCH: ${{ github.ref_name }}
        run: gh pr merge --auto --squash "$BRANCH"
```
GitHub prevents workflows from approving their own PRs with GITHUB_TOKEN. Options:
| Approach | Setup | Notes |
|----------|-------|-------|
| AUTO_MERGE_PAT | Create PAT with repo scope, add as secret | Recommended for full automation |
| Skip approval | Remove approve step | Requires manual approval or CODEOWNERS bypass |
| Bot account | Use separate bot user's PAT | Enterprise approach |
Ensure branch protection allows:
| Setting | Default | Alternatives |
|---------|---------|--------------|
| Base branch | main | master, develop |
| Merge strategy | --squash | --merge, --rebase |
| PR title | chore(deps): update container image | Custom format |
| Context | Command |
|---------|---------|
| Quick status check | /configure:argocd-automerge --check-only |
| Auto-create workflow | /configure:argocd-automerge --fix |
| List image-updater branches | git branch -r --list 'origin/image-updater-*' |
| Verify workflow exists | find .github/workflows -name '*argocd*automerge*' 2>/dev/null |
| Flag | Description |
|------|-------------|
| --check-only | Report status without offering fixes |
| --fix | Create/update workflow automatically |
- /configure:workflows - GitHub Actions CI/CD workflows
- /configure:container - Container infrastructure
- ci-workflows skill - Workflow patterns