ci: skip PR overview for Dependabot #372

Open
umair-ably wants to merge 1 commit into main from fix-ci-dependabot-and-web-cli

Conversation


@umair-ably umair-ably commented Apr 24, 2026

Summary

Failures seen on Dependabot PRs (e.g. #371).

Fix 1 (code change in this PR): the Generate PR Overview job now skips for Dependabot PRs.

The job uses actions/create-github-app-token with CLAUDE_APP_ID / CLAUDE_APP_PRIVATE_KEY, which are only set in the Actions secret scope. Dependabot has its own separate secret scope, and those two secrets aren't mirrored there — so on every Dependabot PR the step fails with 'client-id' input must be set to a non-empty string. A generated PR overview isn't useful for dependency bumps, so skipping is the right call.

Test plan

  • Merge to main; next Dependabot PR should show Generate PR Overview as skipped (not failed)
  • Confirm non-Dependabot PRs continue to run Generate PR Overview as before

Dependabot PRs don't have access to the CLAUDE_APP_ID /
CLAUDE_APP_PRIVATE_KEY secrets (they aren't mirrored into the
Dependabot secret scope), so actions/create-github-app-token
always fails with "'client-id' input must be set to a non-empty
string". A generated PR overview isn't useful for dependency
bumps anyway.

vercel Bot commented Apr 24, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Actions | Updated (UTC)
cli-web-cli | Ready | Preview, Comment | Apr 24, 2026 10:42am

@claude-code-ably-assistant

Walkthrough

This PR fixes a recurring CI failure on Dependabot PRs where the Generate PR Overview job was failing because Dependabot's secret scope doesn't include CLAUDE_APP_ID / CLAUDE_APP_PRIVATE_KEY. The job is now skipped for Dependabot PRs entirely — generated overviews aren't useful for dependency bumps anyway. The PR also documents (but does not code-fix) a separate Dependabot secret-scope drift issue affecting Web CLI and e2e-cli tests, which requires an admin action outside this PR.

Changes

Area | Files | Summary
Config | .github/workflows/pr-overview.yml | Added github.actor != 'dependabot[bot]' condition so the Generate PR Overview job is skipped for Dependabot PRs

Review Notes

  • No code changes — this is a single-line CI workflow fix.
  • Breaking changes: None. Non-Dependabot PRs are unaffected.
  • Admin action required (not in this PR): Two Dependabot-scope secrets (TERMINAL_SERVER_SIGNING_SECRET, E2E_ABLY_ABLY_ACCESS_TOKEN) have drifted from their Actions-scope counterparts. Web CLI ui-tests/session-tests and Control-API e2e tests will continue failing on Dependabot PRs until an admin syncs them via gh secret set --app dependabot.
  • The PR description includes detailed evidence and the exact commands needed for the admin fix — reviewers should ensure that follow-up happens.

@umair-ably umair-ably requested a review from AndyTWF April 24, 2026 10:45
@umair-ably umair-ably changed the title from "ci: skip PR overview for Dependabot; note on web CLI signing secret" to "ci: skip PR overview for Dependabot" Apr 24, 2026
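
A lint for the failure mode discussed in this thread, as an added example that is not code from this PR or repository: it flags workflow jobs that read secrets missing from the Dependabot secret scope and have no job-level `if:` that skips `dependabot[bot]`. The sample workflow, the script name and the function names are hypothetical, and the parser is an indentation heuristic that assumes two-space indents.

```python
import re

# Constructed sample; job names and script are hypothetical, not the real pr-overview.yml.
SAMPLE_WORKFLOW = """\
on: pull_request
jobs:
  overview:
    runs-on: ubuntu-latest
    steps:
      - run: ./generate-overview.sh
        env:
          APP_ID: ${{ secrets.CLAUDE_APP_ID }}
          APP_KEY: ${{ secrets.CLAUDE_APP_PRIVATE_KEY }}
  guarded:
    if: github.actor != 'dependabot[bot]'
    runs-on: ubuntu-latest
    steps:
      - run: ./generate-overview.sh
        env:
          APP_KEY: ${{ secrets.CLAUDE_APP_PRIVATE_KEY }}
"""

JOB_RE = re.compile(r"^  ([A-Za-z_][\w-]*):\s*$")             # job id at 2-space indent
SECRET_RE = re.compile(r"\$\{\{\s*secrets\.([A-Za-z_]\w*)")   # ${{ secrets.NAME }}
GUARD_RE = re.compile(r"^    if:.*!=\s*'dependabot\[bot\]'")  # job-level skip condition

def split_jobs(text):
    """Map job id -> body lines. Indentation heuristic, not a YAML parser."""
    jobs, current, in_jobs = {}, None, False
    for line in text.splitlines():
        if re.match(r"\S", line):                 # a new top-level key starts
            in_jobs, current = line.startswith("jobs:"), None
        elif in_jobs and JOB_RE.match(line):
            current = JOB_RE.match(line).group(1)
            jobs[current] = []
        elif current:
            jobs[current].append(line)
    return jobs

def unguarded_secret_jobs(text, dependabot_secrets=()):
    """Jobs that read secrets absent from the Dependabot scope and lack a skip."""
    findings = {}
    for job, lines in split_jobs(text).items():
        if any(GUARD_RE.match(l) for l in lines):
            continue                              # job is skipped for Dependabot
        used = {s for l in lines for s in SECRET_RE.findall(l)}
        missing = sorted(used - set(dependabot_secrets) - {"GITHUB_TOKEN"})
        if missing:
            findings[job] = missing
    return findings
```

The check compares secret names only, so it cannot detect a Dependabot-scope secret whose value has drifted from its Actions-scope counterpart.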