fix(ci): support Dependabot in external PR test workflow#277
fix(ci): support Dependabot in external PR test workflow#277vishal-bala merged 3 commits intomainfrom
Conversation
🛡️ Jit Security Scan Results
✅ No security findings were detected in this PR
Security scan by Jit
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Review completed. The changes properly extend the workflow to support Dependabot PRs while maintaining security by preserving the manual trigger requirement and disabling persisted credentials.
🤖 Automated review complete. Please react with 👍 or 👎 on the individual review comments to provide feedback on their usefulness.
There was a problem hiding this comment.
Reviewed the workflow changes for Dependabot support. Found a potential issue with null reference handling that could cause the workflow to fail. See inline comment for details.
🤖 Automated review complete. Please react with 👍 or 👎 on the individual review comments to provide feedback on their usefulness.
2 participants
Summary
With this change, a maintainer can go to Actions -> Test External PR, provide the PR number of the Dependabot PR, and run the workflow. This will create a status check on the PR that resolves to whether the tests have passed.
Note
Low Risk
Low risk CI-only change; main impact is whether the workflow correctly validates/labels external PRs and reports check-run status for the intended PR/commit.
Overview
Renames the manual workflow from fork-only to external PR testing and broadens validation to allow Dependabot PRs in addition to forked PRs.
Resolves and reuses the PR number via job outputs, improving check-run messaging, and enhances check runs with a
details_urlplus richer status text. Checkout now disables persisted credentials (persist-credentials: false) when pulling external PR code.Reviewed by Cursor Bugbot for commit 4d9bbf7. Bugbot is set up for automated code reviews on this repo. Configure here.