Commit 5bde67f
committed
ci: skip PR Preview and Version Check on Dependabot PRs
Both workflows failed on every Dependabot PR for reasons that don't apply to
dependency bumps:
- PR Preview publishes a dev build to Test PyPI + Docker Hub. On a dependency
bump there's no version change, so the publish 400s ("File already exists")
-- and it needs publish secrets a Dependabot PR shouldn't carry anyway.
- Version Check requires an incremented app version, but Dependabot PRs touch
uv.lock / pyproject.toml without bumping socketsecurity's version, so the
check always fails.
Add a job-level `if` to skip each on `dependabot[bot]`-authored PRs (same
pattern already used for e2e-test.yml). Job-level skips report as "skipped"
rather than blocking, and these stay required for human-authored PRs.
Follow-up to #207 (the Dependabot review hardening), addressing fallout
observed once that config went live on real Dependabot PRs.
Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>1 parent cdd3bf6 commit 5bde67f
2 files changed
Lines changed: 11 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
5 | 5 | | |
6 | 6 | | |
7 | 7 | | |
8 | | - | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
9 | 15 | | |
10 | 16 | | |
11 | 17 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
14 | 14 | | |
15 | 15 | | |
16 | 16 | | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
17 | 21 | | |
18 | 22 | | |
19 | 23 | | |
| |||
0 commit comments