Skip to content

Exempt Dependabot from protected configuration file guard#29

Merged
Chris-Wolfgang merged 1 commit into
mainfrom
fix/exempt-dependabot-from-protected-files-guard
Apr 27, 2026
Merged

Exempt Dependabot from protected configuration file guard#29
Chris-Wolfgang merged 1 commit into
mainfrom
fix/exempt-dependabot-from-protected-files-guard

Conversation

@Chris-Wolfgang

Copy link
Copy Markdown
Owner

Summary

Skips the protected-files guard in pr.yaml for Dependabot PRs so weekly analyzer-package bumps land cleanly without manual branch-protection toggling.

Why

The guard exists to stop untrusted PR authors from disabling analyzers in their own PRs. It does not apply to Dependabot — a GitHub-controlled bot whose user.login (dependabot[bot]) is not spoofable from PR contents.

Adds if: github.event.pull_request.user.login != 'dependabot[bot]' to:

  • Fetch trusted configuration files from main branch (in every job — 9 occurrences) — so Dependabot bumps are not silently overwritten by main during build/test
  • Detect protected configuration file changes (Detect .NET Projects job) — so legitimate bumps do not fail CI

Human PRs continue to be validated identically. Mirror of Chris-Wolfgang/repo-template#315.

🤖 Generated with Claude Code

@Chris-Wolfgang Chris-Wolfgang merged commit 7ae989a into main Apr 27, 2026
7 checks passed
Chris-Wolfgang added a commit that referenced this pull request Apr 27, 2026
…lop-pr29

Merge main into develop (PR #29 Dependabot exemption catch-up)
@Chris-Wolfgang Chris-Wolfgang deleted the fix/exempt-dependabot-from-protected-files-guard branch May 2, 2026 01:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant