The downside with applying after the PR is merged is that you end up 'polluting' the main branch with (possibly many) attempts to fix the problem. With that in mind, I do like the atlantis approach where you don't merge unless the branch has been applied successfully.