Skip to content

Comments

remove auto-dependabot#31

Open
spatten wants to merge 4 commits intomainfrom
remove-autodependabot
Open

remove auto-dependabot#31
spatten wants to merge 4 commits intomainfrom
remove-autodependabot

Conversation

@spatten
Copy link
Contributor

@spatten spatten commented Feb 20, 2026

Overview

Remove the auto-merge workflow for dependabot.

Acceptance criteria

  • We no longer allow dependabot to automerge on this repository

Testing plan

Metrics

Risks

References

Checklist

  • I added tests for this PR's change (or explained in the PR description why tests don't make sense).

@spatten spatten requested a review from a team as a code owner February 20, 2026 22:25
@spatten spatten requested a review from Conor-FOSSA February 20, 2026 22:25
@coderabbitai
Copy link

coderabbitai bot commented Feb 20, 2026

Walkthrough

The GitHub Actions workflow file at .github/workflows/auto-dependabot.yml has been removed entirely. This workflow previously contained a dependabot-automation job that executed on pull requests and performed automated approval and squash-merging of pull requests via GitHub CLI when the pull request actor matched a specific bot account. The workflow had write permissions configured for repository contents and pull requests.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The PR description covers the main sections but several are incomplete or missing substantive content. Add a Testing plan (concrete steps to verify the workflow is removed), explain why tests don't apply, and provide any relevant issue references. Fill in Metrics and Risks if applicable to this change.
✅ Passed checks (2 passed)
Check name Status Explanation
Title check ✅ Passed The title 'remove auto-dependabot' directly and concisely summarizes the main change: removing the auto-dependabot GitHub Actions workflow.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@spatten
Copy link
Contributor Author

spatten commented Feb 20, 2026

I'm working on a separate PR to switch from tokio-tar to astral-tokio-tar to fix the vuln issue: #32

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant