diff --git a/.github/workflows/gh-aw-dependency-review.md b/.github/workflows/gh-aw-dependency-review.md index 53063172..6d9ae3a9 100644 --- a/.github/workflows/gh-aw-dependency-review.md +++ b/.github/workflows/gh-aw-dependency-review.md @@ -1,7 +1,7 @@ --- inlined-imports: true name: "Dependency Review" -description: "Analyze Dependabot and Renovate dependency update PRs" +description: "Analyze Dependabot, Renovate, and Updatecli dependency update PRs" imports: - gh-aw-fragments/elastic-tools.md - gh-aw-fragments/runtime-setup.md @@ -84,7 +84,7 @@ steps: # Dependency Review Agent -Analyze dependency update pull requests (Dependabot, Renovate) in ${{ github.repository }}. Provide a detailed analysis comment covering changelog highlights, compatibility, risk, and ecosystem-specific checks. +Analyze dependency update pull requests (Dependabot, Renovate, Updatecli) in ${{ github.repository }}. Provide a detailed analysis comment covering changelog highlights, compatibility, risk, and ecosystem-specific checks. ## Context diff --git a/.github/workflows/trigger-dependency-review.yml b/.github/workflows/trigger-dependency-review.yml index eaa740f4..1d3ef754 100644 --- a/.github/workflows/trigger-dependency-review.yml +++ b/.github/workflows/trigger-dependency-review.yml @@ -15,7 +15,11 @@ jobs: run: if: >- github.event.pull_request.user.login == 'dependabot[bot]' || - github.event.pull_request.user.login == 'renovate[bot]' + github.event.pull_request.user.login == 'renovate[bot]' || + startsWith(github.head_ref, 'updatecli') uses: ./.github/workflows/gh-aw-dependency-review.lock.yml + # For updatecli: uncomment and set your repo's updatecli bot actor (it varies per repo). + # with: + # allowed-bot-users: "github-actions[bot]" secrets: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} diff --git a/docs/workflows/gh-agent-workflows.md b/docs/workflows/gh-agent-workflows.md index 3821bdeb..06b492c4 100644 --- a/docs/workflows/gh-agent-workflows.md 
+++ b/docs/workflows/gh-agent-workflows.md @@ -54,7 +54,7 @@ These pair together: a Scheduled Audit finds problems, a Scheduled Fix resolves | Workflow | Trigger | Description | | --- | --- | --- | -| [Dependency Review](gh-agent-workflows/dependency-review.md) | Dependabot/Renovate PRs | Analyze dependency updates across ecosystems with changelog, compatibility, and risk checks | +| [Dependency Review](gh-agent-workflows/dependency-review.md) | Dependabot/Renovate/Updatecli PRs | Analyze dependency updates across ecosystems with changelog, compatibility, and risk checks | | [Duplicate Issue Detector](gh-agent-workflows/duplicate-issue-detector.md) | New issues | Detect duplicate issues and comment with links | | [Issue Triage](gh-agent-workflows/issue-triage.md) | New issues | Investigate and provide implementation plans | | [Issue Fixer](gh-agent-workflows/issue-fixer.md) | New issues | Triage plus automatic draft PR for straightforward fixes | diff --git a/gh-agent-workflows/dependency-review/README.md b/gh-agent-workflows/dependency-review/README.md index 7d7b58f1..9708ee72 100644 --- a/gh-agent-workflows/dependency-review/README.md +++ b/gh-agent-workflows/dependency-review/README.md 
@@ -1,10 +1,10 @@ # Dependency Review -Analyze Dependabot and Renovate dependency update PRs. +Analyze Dependabot, Renovate, and Updatecli dependency update PRs. ## How it works -Triggered when Dependabot or Renovate opens or updates a PR. Classifies each dependency by ecosystem (GitHub Actions, Go, npm, Python, Java, Buildkite, etc.), runs shared checks (changelog, usage analysis, compatibility, testability), and applies ecosystem-specific checks where relevant. Posts a structured analysis comment and optionally labels the PR `needs-human-review` or `higher-risk`. +Triggered when Dependabot, Renovate, or Updatecli opens or updates a PR. Classifies each dependency by ecosystem (GitHub Actions, Go, npm, Python, Java, Buildkite, etc.), runs shared checks (changelog, usage analysis, compatibility, testability), and applies ecosystem-specific checks where relevant. Posts a structured analysis comment and optionally labels the PR `needs-human-review` or `higher-risk`. ## Quick Install @@ -20,7 +20,7 @@ See [example.yml](example.yml) for the full workflow file. | Event | Types | Condition | | --- | --- | --- | -| `pull_request` | `opened`, `synchronize`, `reopened` | PR author is `dependabot[bot]` or `renovate[bot]` | +| `pull_request` | `opened`, `synchronize`, `reopened` | PR author is `dependabot[bot]` or `renovate[bot]`, or branch name starts with `updatecli` | ## Inputs 
@@ -28,7 +28,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | -| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated). For Updatecli, add your repo's updatecli bot actor here (e.g. `github-actions[bot]` or a custom app bot). | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/dependency-review/example.yml b/gh-agent-workflows/dependency-review/example.yml index 74bb07a3..3978c01a 100644 --- a/gh-agent-workflows/dependency-review/example.yml +++ b/gh-agent-workflows/dependency-review/example.yml @@ -13,7 +13,11 @@ jobs: run: if: >- github.event.pull_request.user.login == 'dependabot[bot]' || - github.event.pull_request.user.login == 'renovate[bot]' + github.event.pull_request.user.login == 'renovate[bot]' || + startsWith(github.head_ref, 'updatecli') uses: elastic/ai-github-actions/.github/workflows/gh-aw-dependency-review.lock.yml@v0 + # For updatecli: uncomment and set your repo's updatecli bot actor (it varies per repo). + # with: + # allowed-bot-users: "github-actions[bot]" secrets: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}
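Review bot: In `.github/workflows/trigger-dependency-review.yml` (hunk `@@ -15,7 +15,11 @@`), the new `startsWith(github.head_ref, 'updatecli')` clause is OR'd with the two author checks, so it matches on branch name alone, whoever opened the PR. The Dependabot and Renovate clauses gate on `github.event.pull_request.user.login`, while this one lets any PR whose head branch begins with `updatecli` reach the reusable workflow that is handed `COPILOT_GITHUB_TOKEN`. Consider pairing the prefix with an author condition for the repo's Updatecli actor, e.g. `startsWith(github.head_ref, 'updatecli') && github.event.pull_request.user.login == '<your updatecli actor>'`. If `allowed-bot-users` is meant to be the control instead, say so in the comment next to the condition.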
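Review bot: In `gh-agent-workflows/dependency-review/README.md` (hunk `@@ -1,10 +1,10 @@`), the "How it works" sentence now says the workflow is triggered when Updatecli opens or updates a PR, but the Trigger table changed in the same file gives the real condition as "branch name starts with `updatecli`". Reword the sentence to match the table, for example "or a PR is opened from a branch whose name starts with `updatecli`", so readers do not assume the author is checked for that path.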
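Review bot: In the README Inputs table (hunk `@@ -28,7 +28,7 @@`), the `allowed-bot-users` row tells users to add their Updatecli bot actor and offers `github-actions[bot]` as the example, which is already the default shown in the last column of the same row. Either give an example that differs from the default or state that no change is needed when Updatecli runs as `github-actions[bot]`. The row also mixes "Updatecli" and "updatecli" in one sentence; pick one casing for the product name.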
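Review bot: In `gh-agent-workflows/dependency-review/example.yml` (hunk `@@ -13,7 +13,11 @@`), the commented-out `with:` block sets `allowed-bot-users: "github-actions[bot]"`, the documented default, so a user who follows "uncomment and set" without editing the value gets no change in behaviour. Because this is the file people copy, put an obvious placeholder in the commented value instead, and add a one-line comment beside `startsWith(github.head_ref, 'updatecli')` noting that this clause matches on branch name only and does not check the PR author.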