feat: add Dependabot auto-merge workflow #6
Merged
- Use centralized reusable workflow from .github repo
- Phase 1 policy: Auto-merge PATCH updates only
- Squash merge strategy for cleaner history

Requires: SecPal/.github#75 to be merged first

Benefits:
- Automated dependency updates for low-risk PATCH versions
- Manual review for MINOR/MAJOR updates
- Consistent policy across all SecPal repositories
Pull Request Overview
This PR adds automated Dependabot dependency management for the API repository, implementing Phase 1 of auto-merge capabilities that only merges PATCH-level updates automatically while requiring manual review for MINOR and MAJOR updates.
Key Changes:
- Implements a caller workflow that delegates to a centralized reusable workflow in the .github repository
- Configures Phase 1 auto-merge policy (PATCH updates only) with squash merge strategy
- Sets up proper concurrency controls to prevent race conditions during auto-merge operations
Addresses Copilot review feedback for stability
kevalyq added a commit that referenced this pull request Nov 1, 2025

- TokenRequest: Add 'nullable' to device_name validation (Comment #6)
- AuthController: Extract /me closure to me() method (Comment #5)
- routes/api.php: Replace inline closure with controller route
- AuthTest.php: Replace ALL assertStatus() with specific methods:
  - assertCreated() for 201 responses (7 occurrences)
  - assertUnprocessable() for 422 responses (4 occurrences)
  - assertUnauthorized() for 401 responses (4 occurrences)
  - assertOk() for 200 responses (5 occurrences)
- phpstan.neon: Add new assertion methods to ignore patterns

All 57 tests passing, Pint compliant, PHPStan 0 errors.
kevalyq added a commit that referenced this pull request Nov 1, 2025

* feat: Add Sanctum API token authentication (Issue #50 PR-4)
  - Add HasApiTokens trait to User model
  - Create personal_access_tokens migration (Sanctum requirement)
  - Implement AuthController with token generation, logout, logout-all
  - Add public /auth/token endpoint for token generation
  - Add protected /auth/logout and /auth/logout-all endpoints
  - Add example protected /me endpoint demonstrating auth:sanctum middleware
  - Add comprehensive AuthTest with 18 test cases covering:
    * Token generation (valid/invalid credentials, validation, multi-device)
    * Protected endpoint access (authentication required, token validation)
    * Token revocation (single/all tokens, database verification)
    * Security (no sensitive data exposure, token hashing)
  - Extend PHPStan ignores for PEST framework test patterns
  - All 57 tests passing (140 assertions)
  - PHPStan level max: 0 errors
  - Pint: PSR-12 compliant

  Scope: ~450 LOC (Controller: 77, Migration: 32, Tests: 264, Routes: 17)

  Addresses: #50

* fix: Address Copilot review comments
  - Extract validation to TokenRequest FormRequest (Laravel best practice)
  - Refine PHPStan ignores: specific methods instead of wildcards
  - Fix /me endpoint: explicit field selection to prevent sensitive data exposure
  - Maintain type safety while supporting PEST framework patterns

  Resolves all 4 Copilot review comments from PR #60.

* fix: Address ALL 20 Copilot review comments
  - TokenRequest: Add 'nullable' to device_name validation (Comment #6)
  - AuthController: Extract /me closure to me() method (Comment #5)
  - routes/api.php: Replace inline closure with controller route
  - AuthTest.php: Replace ALL assertStatus() with specific methods:
    - assertCreated() for 201 responses (7 occurrences)
    - assertUnprocessable() for 422 responses (4 occurrences)
    - assertUnauthorized() for 401 responses (4 occurrences)
    - assertOk() for 200 responses (5 occurrences)
  - phpstan.neon: Add new assertion methods to ignore patterns

  All 57 tests passing, Pint compliant, PHPStan 0 errors.

* fix: Address 2 final Copilot review comments (quality gaps)
  - Add messages() method to TokenRequest for custom validation messages (Laravel best practice: FormRequests should provide user-friendly errors)
  - Fix null-safety in AuthTest line 89: first()->name to first()?->name (Prevents potential null pointer exception in test assertions)

  These issues should have been caught in pre-commit self-review. Root cause: Mechanical comment fixes without thorough code quality check.

  Quality lesson learned: ALWAYS do comprehensive self-review BEFORE push, not just fix automated comments. Check Laravel conventions, null-safety, and best practices proactively.
🤖 Add Dependabot Auto-Merge Workflow
This PR adds automated Dependabot PR merging for PATCH updates to the API repository.
📝 Changes
New File: .github/workflows/dependabot-auto-merge.yml
.github repo
🔧 Configuration
Auto-merge Policy (Phase 1):
🔗 Dependencies
Requires:
✅ Benefits
🧪 Testing
Once PR #75 is merged in .github repo, this workflow will:
📚 Related