[codex] Automate Dependabot maintenance#38
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 17cd27de42
| if: steps.merge_guard.outputs.should_merge == 'true' | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| run: gh pr merge "${{ steps.pr.outputs.pr_number }}" --repo "${GITHUB_REPOSITORY}" --rebase --delete-branch |
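Review bot: the `run:` line expands `${{ steps.pr.outputs.pr_number }}` straight into the shell command text; pass it through `env:` next to `GH_TOKEN` (for example `PR_NUMBER: ${{ steps.pr.outputs.pr_number }}`) and reference `"$PR_NUMBER"` in the command instead, so a step output is never substituted into the script before the shell parses it. This same `gh pr merge` invocation is also where a `--match-head-commit` check against the tested head SHA belongs, so the `should_merge` guard and the CI result both refer to the commit that is actually merged.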
Require the tested head SHA before merging
In the CI-gated auto-merge path I checked, this merges the current PR head whenever any successful workflow_run for the Dependabot branch completes, but it never verifies that the PR head still equals github.event.workflow_run.head_sha. If Dependabot rebases or pushes a newer update while an older CI run is queued or just completed, gh pr merge will merge that newer, untested commit; the GitHub CLI exposes --match-head-commit <SHA> specifically to require the PR head SHA to match before merging. Pass the workflow run head SHA to the merge command so the CI result is tied to the commit being merged.