Skip to content

[changelog] Fix Dependabot fallback branch validation (#191)#193

Merged
coisa merged 2 commits intomainfrom
codex/191-dependabot-fallback-check
Apr 24, 2026
Merged

[changelog] Fix Dependabot fallback branch validation (#191)#193
coisa merged 2 commits intomainfrom
codex/191-dependabot-fallback-check

Conversation

@coisa
Copy link
Copy Markdown
Contributor

@coisa coisa commented Apr 24, 2026

Related Issue

Closes #191

Motivation / Context

  • Dependabot PRs could pass changelog validation after a rebase without actually having their own branch-specific changelog entry.
  • The fallback action was deciding from the checked out PR merge ref instead of the real head branch, which let inherited Unreleased state look good enough.

Changes

  • switch the Dependabot fallback action to fetch and evaluate the actual PR head branch before deciding whether an entry is already present
  • make the action self-contained by fetching the base ref itself and emitting an explicit already-present, auto-created, or missing status
  • fail the fallback action if it still cannot prove that the generated entry exists after creation
  • add regression coverage for rebased branches that inherit unrelated Unreleased entries from main

Verification

  • composer dev-tools
  • Focused command(s):
    • ./vendor/bin/phpunit tests/Changelog/Checker/UnreleasedEntryCheckerTest.php tests/Changelog/DependabotChangelogEntryMessageResolverTest.php tests/Console/Command/ChangelogCheckCommandTest.php tests/Console/Command/ChangelogEntryCommandTest.php
    • bash -n .github/actions/changelog/create-dependabot-entry/run.sh
    • ruby -e 'require "yaml"; YAML.load_file(".github/actions/changelog/create-dependabot-entry/action.yml"); YAML.load_file(".github/workflows/changelog.yml"); puts "yaml ok"'
    • composer dev-tools changelog:check
    • git diff --check
  • Manual verification:

Documentation / Generated Output

  • README updated
  • docs/ updated
  • Generated or synchronized output reviewed

Changelog

  • Added a notable CHANGELOG.md entry

Reviewer Notes

  • The fix intentionally keeps the generic changelog checker as the source of truth for "meaningful branch-specific entry", but now runs that check from the real head branch instead of the PR merge checkout.

github-actions Bot added a commit that referenced this pull request Apr 24, 2026
@github-actions
Update wiki submodule pointer for PR #193
22ff719
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 24, 2026
edited
Loading

🚀 Preview is available for this pull request.

@coisa coisa force-pushed the codex/191-dependabot-fallback-check branch from 22ff719 to 14b9af9 Compare April 24, 2026 00:17
@coisa coisa merged commit 0fe9938 into main Apr 24, 2026
23 checks passed
@coisa coisa deleted the codex/191-dependabot-fallback-check branch April 24, 2026 00:23
@github-project-automation github-project-automation Bot moved this from Backlog to Released in PHP Fast Forward Project Apr 24, 2026
github-actions Bot added a commit that referenced this pull request Apr 24, 2026
@github-actions
chore: remove preview for PR #193
c3ee366
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@coisa coisa

Labels

None yet

Projects

PHP Fast Forward Project
Status: Released

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[changelog] Dependabot fallback can pass validation without persisting a PR-specific changelog entry

1 participant

@coisa