ci: replace dependabot-rebase.yml with canonical org stub #161

Merged
don-petry merged 6 commits into main from claude/issue-157-20260508-1415
May 19, 2026
@don-petry
Contributor

Summary

  • Replaces the outdated dependabot-rebase.yml stub with the verbatim canonical template from petry-projects/.github/standards/workflows/dependabot-rebase.yml
  • Adds the missing schedule trigger (0 */4 * * *) that acts as a safety net when no pushes to main occur
  • Updates inline comments to accurately document all triggers and required permissions (contents:write + pull-requests:write)

Changes

The file had diverged from the org standard in two ways:

  1. Missing schedule trigger — the safety net that runs every 4 hours
  2. Outdated comment (missing schedule in the trigger list and incomplete APP_ID permission description)

The uses: SHA (b51e2edf830ea085be0277bcf3174c7b3ec8f958 # v1) was already correct and is unchanged.

Compliance

Resolves the non-stub-dependabot-rebase.yml compliance finding by matching the canonical stub exactly.

Closes #157


Generated with Claude Code
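
The drift described in this PR (a dropped `schedule` trigger, plus the requirement that `uses:` stay pinned to a full commit SHA and that the stub match the canonical text exactly) can be checked mechanically. The following is an added example, not code from this PR or from the petry-projects org; the sample stubs are constructed, and the reusable-workflow path, `audit_stub` and the finding names are hypothetical.

```python
import re

SHA = "b51e2edf830ea085be0277bcf3174c7b3ec8f958"  # pin quoted in the PR description
# Constructed canonical stub; the reusable-workflow path is a hypothetical placeholder.
CANONICAL = f"""\
name: Dependabot rebase
on:
  push:
    branches: [main]
  schedule:
    - cron: '0 */4 * * *'
  workflow_dispatch:
jobs:
  rebase:
    uses: example-org/.github/.github/workflows/reusable.yml@{SHA} # v1
"""
# Constructed drifted copy: the schedule trigger is missing.
DRIFTED = CANONICAL.replace("  schedule:\n    - cron: '0 */4 * * *'\n", "")
# Constructed copy pinned to a mutable tag instead of a commit SHA.
TAG_PINNED = CANONICAL.replace(f"@{SHA} # v1", "@v1")

REQUIRED_TRIGGERS = ("push", "schedule", "workflow_dispatch")
ON_BLOCK_RE = re.compile(r"^on:\n((?:[ \t].*\n)*)", re.M)
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*(\S+)", re.M)
FULL_SHA_RE = re.compile(r"@[0-9a-f]{40}$")


def audit_stub(local, canonical):
    """Return sorted compliance findings for a workflow stub (block-style YAML assumed)."""
    findings = []
    match = ON_BLOCK_RE.search(local)
    on_block = match.group(1) if match else ""
    # Only keys inside the top-level `on:` block count as triggers.
    for trig in REQUIRED_TRIGGERS:
        if not re.search(rf"^\s+{trig}:", on_block, re.M):
            findings.append(f"missing-trigger:{trig}")
    # Remote actions and reusable workflows must be pinned to a 40-hex commit SHA.
    for ref in USES_RE.findall(local):
        if not ref.startswith("./") and not FULL_SHA_RE.search(ref):
            findings.append(f"unpinned-uses:{ref}")
    # A stub is compliant only when it matches the canonical text verbatim.
    if local != canonical:
        findings.append("non-stub:differs-from-canonical")
    return sorted(findings)


if __name__ == "__main__":
    for name, text in (("canonical", CANONICAL), ("drifted", DRIFTED), ("tag", TAG_PINNED)):
        print(name, audit_stub(text, CANONICAL))
```
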

Bring the workflow into compliance with the org standard by replacing
the outdated stub with the verbatim canonical template from
petry-projects/.github/standards/workflows/dependabot-rebase.yml.

Changes:
- Add missing `schedule` trigger (every 4 hours safety net)
- Update comment to mention all triggers and `contents:write` permission

Closes #157

Co-authored-by: Don Petry <don-petry@users.noreply.github.com>
@don-petry don-petry requested a review from a team as a code owner May 8, 2026 14:17
Copilot AI review requested due to automatic review settings May 8, 2026 14:17
@coderabbitai

coderabbitai Bot commented May 8, 2026

Warning

Rate limit exceeded

@don-petry has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 29 minutes and 41 seconds before requesting another review.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 5aabb7a5-7696-4a37-bd0e-748f46c93251

📥 Commits

Reviewing files that changed from the base of the PR and between 8136d1b and 2e9214a.

📒 Files selected for processing (1)
  • .github/workflows/dependabot-rebase.yml

@don-petry
Contributor Author

@petry-projects/org-leads — this PR brings dependabot-rebase.yml into compliance with the org standard stub (fixes #157). The diff is minimal: adds the missing schedule trigger and updates inline comments to match the canonical template. CI checks are running — please review and merge when green.

Copilot AI left a comment

Pull request overview

Updates the repository’s Dependabot rebase workflow stub to match the org’s canonical thin-caller pattern, adding a scheduled safety-net run and aligning inline documentation with the actual triggers and required GitHub App permissions.

Changes:

  • Add a schedule trigger (0 */4 * * *) to ensure periodic runs even without pushes to main.
  • Update header comments to document all triggers (push, schedule, workflow_dispatch) and clarify the GitHub App permissions needed.
  • Keep the existing reusable workflow pin unchanged.

Contributor

@donpetry-bot donpetry-bot left a comment

Automated review — APPROVED ✓

Risk: LOW
Reviewed commit: 1272435b13fdb4acb2de927d76806ee7e2280ff9
Review mode: triage-approved (single reviewer)

Summary

Prompt-only changes to the org status report template that reduce output size by ~29K bytes. Three changes: (1) Open Issues grouped by repo subsection instead of flat table, dropping the repeated Repo column; (2) duplicate [#N](url) | [title](url) cells merged into single [#N — title](url) cells across Needs Human Review, Open Issues, and Open Discussions tables; (3) MAX_BYTES bumped from 60000 to 64000 (still 1536 bytes below GitHub's 65536 char limit). No data-shape changes.

Linked issue analysis

No closing issue linked, but the PR body clearly describes the problem: daily report #233 exceeded the 60000-byte truncation threshold, causing head -c to drop the start of the report (the @org-leads opener and first three sections). The changes directly address this by shrinking the rendered output.

Findings

No issues found.

  • MAX_BYTES 64000: Safe — leaves 1536 bytes of headroom below GitHub's 65536-char issue body limit. Combined with the ~29K reduction in report size, truncation should rarely trigger.
  • Prompt template changes: Clean restructuring. The per-repo subsection format for Open Issues and the single-link cell pattern are consistent across all three tables.
  • No security concerns: No secrets, auth, eval, injection vectors, or CI security changes.
  • Copilot's suppressed comment about UTF-8 truncation in head -c is a pre-existing concern in the truncation step, not introduced by this PR.

CI status

All checks passed:

  • Lint: ✓
  • ShellCheck: ✓
  • Agent Security Scan: ✓
  • AgentShield: ✓
  • CodeQL (actions): ✓
  • SonarCloud: ✓ (0 new issues, 0 security hotspots)
  • Dependency audit: ✓

Reviewed automatically by the PR-review agent (single-reviewer). Reply if you need a human review.

@donpetry-bot donpetry-bot enabled auto-merge (squash) May 10, 2026 23:15
@github-actions
Contributor

Auto-rebase blocked — the base branch contains .github/workflows/ changes that require the workflows permission to merge into this branch, but the auto-rebase workflow's token does not have that permission.

Please rebase this branch manually:

git fetch origin
git rebase origin/main
git push --force-with-lease

@sonarqubecloud

@don-petry don-petry merged commit ec57321 into main May 19, 2026
17 checks passed
@don-petry don-petry deleted the claude/issue-157-20260508-1415 branch May 19, 2026 05:11

Development

Successfully merging this pull request may close these issues.

Compliance: non-stub-dependabot-rebase.yml

3 participants