From 1740b4a0a77944e4a13d974ab223e1315c00f834 Mon Sep 17 00:00:00 2001
From: Lorenzo Pistone <lorenzo.pistone@corvina.io>
Date: Tue, 26 May 2026 17:56:05 +0200
Subject: [PATCH] ECC-8262: add Dependabot-safe mirror workflow and skip filter

---
 .github/workflows/dependabot-push.yaml        | 13 +++++++++++
 .../mirror-repository-dependabot.yaml         | 22 +++++++++++++++++++
 .github/workflows/mirror-repository.yaml      |  3 ++-
 3 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/dependabot-push.yaml
 create mode 100644 .github/workflows/mirror-repository-dependabot.yaml

diff --git a/.github/workflows/dependabot-push.yaml b/.github/workflows/dependabot-push.yaml
new file mode 100644
index 0000000..3fad68c
--- /dev/null
+++ b/.github/workflows/dependabot-push.yaml
@@ -0,0 +1,13 @@
+name: Dependabot Push Detector
+
+on:
+  push:
+
+jobs:
+  detect-dependabot:
+    runs-on: ubuntu-24.04
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+    - run: echo "Dependabot PR validated"
+    - name: Debug workflow_run event
+      run: echo "${{ toJson(github.event.workflow_run) }}"
diff --git a/.github/workflows/mirror-repository-dependabot.yaml b/.github/workflows/mirror-repository-dependabot.yaml
new file mode 100644
index 0000000..f8767d4
--- /dev/null
+++ b/.github/workflows/mirror-repository-dependabot.yaml
@@ -0,0 +1,22 @@
+name: Mirror Repository (Dependabot)
+
+on:
+  workflow_run:
+    workflows: 
+      - Dependabot Push Detector
+    types:
+      - completed
+
+jobs:
+  mirror:
+    name: Mirror repository (with secrets)
+    runs-on: ubuntu-24.04
+    if: >
+      github.event.workflow_run.actor.login == 'dependabot[bot]'
+      
+    steps:
+      - uses: actions/checkout@v6
+      - name: Mirror to Bitbucket
+        uses: Corvina-R-D/corvina-github-public-actions/mirror-public-repository@v1
+        with:
+          target: https://x-token-auth:${{ secrets.BITBUCKET_ACCESS_TOKEN }}@bitbucket.org/exorint/mirror-corvina-device-sdk-node.git
diff --git a/.github/workflows/mirror-repository.yaml b/.github/workflows/mirror-repository.yaml
index 735a4c8..d9706a3 100644
--- a/.github/workflows/mirror-repository.yaml
+++ b/.github/workflows/mirror-repository.yaml
@@ -7,7 +7,8 @@ jobs:
   mirror:
     name: Mirror repository
     runs-on: ubuntu-24.04
+    if: github.actor != 'dependabot[bot]'
     steps:
       - uses: Corvina-R-D/corvina-github-public-actions/mirror-public-repository@v1
         with:
-          target: https://x-token-auth:${{ secrets.BITBUCKET_ACCESS_TOKEN }}@bitbucket.org/exorint/mirror-corvina-device-sdk-node.git
\ No newline at end of file
+          target: https://x-token-auth:${{ secrets.BITBUCKET_ACCESS_TOKEN }}@bitbucket.org/exorint/mirror-corvina-device-sdk-node.git