Problem
The dependabot-automerge-petry GitHub App is only a bypass actor on the pr-quality ruleset. GitHub evaluates bypass actors per-ruleset — a bypass in one ruleset does NOT carry to another. When multiple rulesets target main and any of them has a pull_request or required_status_checks rule without the app bypass, the merge API call is rejected.
Affected repos:
- .github — has protect-branches ruleset (id=14759907) with only Admin-role bypass
- TalkTerm — has main ruleset (id=14592513) with only Admin-role bypass
Symptom: The rebase workflow's direct merge calls (using the app token) fail silently. All Dependabot PRs show "Warning: failed to merge PR #N" in the workflow logs even when all CI checks pass and the PR is MERGEABLE.
Fix Required
Add dependabot-automerge-petry (GitHub App, actor_id: 3167543) with bypass_mode: always to:
- .github → protect-branches ruleset (id=14759907):
  - Go to: Settings → Rules → Rulesets → protect-branches → Edit
  - Add bypass actor: dependabot-automerge-petry (GitHub Apps), mode: Always
- TalkTerm → main ruleset (id=14592513):
  - Go to: Settings → Rules → Rulesets → main → Edit
  - Add bypass actor: dependabot-automerge-petry (GitHub Apps), mode: Always
This requires the GitHub UI or a classic PAT with administration:repo scope — the default OAuth token cannot PATCH rulesets.
Workaround (applied)
The current backlog of 10 stuck Dependabot PRs was manually merged using an admin token. The protect-branches/main rulesets will continue to block the automated pipeline until this fix is applied.
Standard Updated
standards/github-settings.md now documents that ALL rulesets targeting main must include the dependabot-automerge-petry bypass — not just pr-quality. See PR #202.
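Added example, not part of the original issue or the repository's own tooling: a check that lists every active ruleset on main that carries a pull_request or required_status_checks rule but lacks the app's bypass. It assumes full ruleset objects as returned by GET /repos/{owner}/{repo}/rulesets/{id}, that main is the default branch, and that Python's fnmatch is a close enough stand-in for GitHub's ref patterns; the sample rulesets are constructed.

```python
from fnmatch import fnmatchcase

APP_ACTOR_ID = 3167543  # dependabot-automerge-petry, actor_id from the issue
BLOCKING_RULES = {"pull_request", "required_status_checks"}
MAIN_REF = "refs/heads/main"

def _matches_main(patterns):
    # Assumption: main is the default branch; fnmatch approximates GitHub's matching.
    return any(p in ("~DEFAULT_BRANCH", "~ALL") or fnmatchcase(MAIN_REF, p)
               for p in patterns)

def targets_main(ruleset):
    if ruleset.get("target", "branch") != "branch":
        return False
    ref = (ruleset.get("conditions") or {}).get("ref_name") or {}
    return _matches_main(ref.get("include", [])) and not _matches_main(ref.get("exclude", []))

def app_has_bypass(ruleset):
    # GitHub Apps appear in bypass_actors with actor_type "Integration".
    return any(a.get("actor_type") == "Integration"
               and a.get("actor_id") == APP_ACTOR_ID
               and a.get("bypass_mode") == "always"
               for a in ruleset.get("bypass_actors") or [])

def blocking_rulesets(rulesets):
    """Return (id, name, rule types) for rulesets that would reject the app's merge."""
    found = []
    for rs in rulesets:
        if rs.get("enforcement") != "active" or not targets_main(rs):
            continue
        rules = sorted({r["type"] for r in rs.get("rules", [])} & BLOCKING_RULES)
        if rules and not app_has_bypass(rs):
            found.append((rs["id"], rs["name"], rules))
    return found

# Constructed sample: ids/names for protect-branches come from the issue; the
# rules, conditions and the pr-quality id (0, placeholder) are made up.
SAMPLE = [
    {"id": 0, "name": "pr-quality", "target": "branch", "enforcement": "active",
     "conditions": {"ref_name": {"include": ["refs/heads/main"], "exclude": []}},
     "rules": [{"type": "pull_request"}, {"type": "required_status_checks"}],
     "bypass_actors": [{"actor_id": APP_ACTOR_ID, "actor_type": "Integration",
                        "bypass_mode": "always"}]},
    {"id": 14759907, "name": "protect-branches", "target": "branch", "enforcement": "active",
     "conditions": {"ref_name": {"include": ["~DEFAULT_BRANCH"], "exclude": []}},
     "rules": [{"type": "deletion"}, {"type": "pull_request"}],
     "bypass_actors": [{"actor_id": 5, "actor_type": "RepositoryRole",
                        "bypass_mode": "always"}]},
]
```

An empty result from blocking_rulesets() means no ruleset on main would reject the app's merge call on these grounds; running it after any ruleset edit catches a newly added ruleset that omits the bypass.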