[codex] Add CI-gated Dependabot automation#30
Conversation
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 381de40857
| is_major = "update-type: version-update:semver-major" in body | ||
| dependabot_authors = {"dependabot[bot]", "app/dependabot"} | ||
| is_dependabot = author in dependabot_authors and "dependencies" in labels | ||
| should_merge = is_dependabot and not pr.get("isDraft") and not is_major |
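Review bot: `is_major` on the first line fails open. It is True only when the exact substring `update-type: version-update:semver-major` appears in `body`, so an empty, edited or differently formatted PR body is treated as non-major and `should_merge` on the last line can still return True. Parse the declared update type out of the body and refuse to merge when none is found, for example `if update_type is None: return False`, rather than only reacting to the major marker.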
Require CI success for the PR head being merged
When Dependabot pushes or rebases the same branch while an older CI run is still finishing, this workflow_run can be successful for the old commit, but the later merge step operates on the PR's current head. Since should_merge does not compare the successful run's SHA/check suite with the current PR head, a newer untested or failing commit can be merged unless branch protection independently blocks it. Gate this on the current PR head having the successful CI result before returning true.
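The gate the review comment asks for, written out as an added example (this is not code from the PR or the repository). It keeps the PR's own author/label/draft/major checks and adds two things: the successful run must be for the PR's current head, and the update type must be declared before a merge is allowed (fail closed). Assumed input shapes: `pr` is the dict from `gh pr view --json author,body,isDraft,labels,headRefOid`, and `run` is the `workflow_run` object from the workflow_run event payload (only `head_sha` and `conclusion` are read). The sample PR and runs at the bottom are constructed, not real data.

```python
import re
from dataclasses import dataclass

# Mirrors the checks in the PR; constants are constructed for this example.
DEPENDABOT_AUTHORS = {"dependabot[bot]", "app/dependabot"}
REQUIRED_LABEL = "dependencies"
# Dependabot writes one "update-type: version-update:semver-<level>" line per
# bumped dependency into the PR body.
UPDATE_TYPE_RE = re.compile(r"update-type:\s*version-update:semver-(major|minor|patch)")


@dataclass(frozen=True)
class Decision:
    merge: bool
    reason: str


def update_types(body: str) -> set[str]:
    """All semver levels Dependabot declared in the PR body (may be empty)."""
    return set(UPDATE_TYPE_RE.findall(body or ""))


def decide(pr: dict, run: dict) -> Decision:
    """Decide whether the PR may be auto-merged given the triggering workflow run.

    pr  : `gh pr view --json author,body,isDraft,labels,headRefOid` output (assumed shape)
    run : the `workflow_run` object from the workflow_run event payload (assumed shape)
    """
    author = (pr.get("author") or {}).get("login", "")
    labels = {label.get("name") for label in pr.get("labels") or []}

    if author not in DEPENDABOT_AUTHORS or REQUIRED_LABEL not in labels:
        return Decision(False, "not a labelled Dependabot PR")
    if pr.get("isDraft"):
        return Decision(False, "PR is a draft")

    # Fail closed on the version bump: the PR's check only refuses when the
    # major marker is present, so a missing or edited body would pass as safe.
    levels = update_types(pr.get("body") or "")
    if not levels:
        return Decision(False, "update type not declared in PR body")
    if "major" in levels:
        return Decision(False, "semver-major update")

    # The gate from the review comment: the successful run must belong to the
    # commit that will actually be merged, not an earlier push of the branch.
    if run.get("conclusion") != "success":
        return Decision(False, f"CI run concluded {run.get('conclusion')!r}")
    if run.get("head_sha") != pr.get("headRefOid"):
        return Decision(False, "CI success is for a different commit than the PR head")

    return Decision(True, "CI passed on current head; non-major Dependabot update")


# Constructed sample inputs (not real PR data).
SAMPLE_PR = {
    "author": {"login": "app/dependabot"},
    "isDraft": False,
    "labels": [{"name": "dependencies"}, {"name": "python"}],
    "headRefOid": "b" * 40,
    "body": "Bumps example-lib from 1.2.0 to 1.3.0.\n"
            "- dependency-name: example-lib\n"
            "  update-type: version-update:semver-minor\n",
}
RUN_FOR_CURRENT_HEAD = {"conclusion": "success", "head_sha": SAMPLE_PR["headRefOid"]}
RUN_FOR_OLD_HEAD = {"conclusion": "success", "head_sha": "a" * 40}


if __name__ == "__main__":
    for name, run in [("current head", RUN_FOR_CURRENT_HEAD), ("stale head", RUN_FOR_OLD_HEAD)]:
        d = decide(SAMPLE_PR, run)
        print(f"{name}: merge={d.merge} ({d.reason})")
```

Comparing `head_sha` against `headRefOid` is what closes the window described in the comment: a workflow_run that went green for an earlier push of the branch no longer authorises merging whatever commit Dependabot pushed afterwards. The reason string is returned rather than logged so the workflow step can surface it in the job summary.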
Summary
Validation