ci: replace stale dependabot guards with renovate#2661
Open
leventebalogh wants to merge 4 commits into
Open
Conversation
The repo uses Renovate (see .github/renovate.json), so the `github.actor != 'dependabot[bot]'` guards in our workflows no longer match the bot opening PRs. Update ci.yml to skip the sign-plugin, Knip report, and release steps for `renovate[bot]` instead, and drop the dependabot guard from check-labels.yml so the action runs on Renovate PRs (its JS already handles `renovate[bot]` internally).
leventebalogh
added
no-changelog
leventebalogh
requested review from
oshirohugo,
s4kh and
wbrowne
and removed request for
a team
leventebalogh
requested review from
ashharrison90 and
jackw
and removed request for
a team
Contributor
|
Hello! 👋 This repository uses Auto for releasing packages using PR labels. ✨ This PR can be merged. It will not be considered when calculating future versions of the npm packages and will not appear in the changelogs. |
Contributor
There was a problem hiding this comment.
Pull request overview
Replaces stale dependabot[bot] actor guards with renovate[bot] in CI workflows, and drops a now-redundant job-level guard in check-labels.yml since the inner action already has a Renovate code path. Intended to restore the original protective intent of these guards after the repo switched from Dependabot to Renovate.
Changes:
- Update three actor guards in
.github/workflows/ci.yml(sign-plugin step, Frontend Knip Report step, release job) fromdependabot[bot]torenovate[bot]. - Remove the job-level
dependabot[bot]guard in.github/workflows/check-labels.yml, deferring to the action's internal Renovate handling.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| .github/workflows/ci.yml | Swap dependabot actor guards for renovate on sign-plugin, Knip report, and release job |
| .github/workflows/check-labels.yml | Drop job-level dependabot guard; rely on action's built-in Renovate path |
Concern: Recent repo history (CHANGELOG.md, README.md, .autorc) indicates the active Renovate bot identity is renovate-sh-app[bot], not renovate[bot]. If so, the new guards will be no-ops (same problem as before), and the check-labels removal will surface missing-label errors on Renovate PRs.
The active Renovate identity in this repo is `renovate-sh-app[bot]` (verified against recent PRs #2634, #2625, #2623); `renovate[bot]` only appears in older history. The previous patch using `renovate[bot]` alone would have been a no-op for current Renovate PRs. Match both identities in the sign-plugin, Frontend Knip Report, and release-job guards in ci.yml so the original protective intent works for the active bot while staying backward-compatible with the legacy identity.
The active Renovate bot in this repo is `renovate-sh-app[bot]`, so the existing `userName === 'renovate[bot]'` fast-path never matched and Renovate PRs were falling through to the missing-semver-label error path. Match both identities so the auto-labelling logic (no-changelog for lock-only changes, patch otherwise) actually runs for current Renovate PRs while remaining backward-compatible with the legacy `renovate[bot]` identity. Required follow-up to PR #2661, which dropped the workflow-level dependabot guard and exposed this pre-existing bug.
andresmgot
approved these changes
May 28, 2026
jackw
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What changed?
Replaced the stale
github.actor != 'dependabot[bot]'guards in our GitHub workflows withrenovate[bot]- I think this makes sense as we don't rely on dependabot for things like this now?