Fix dependabot lock-sync workflow triggering on 3007.x#69629
Merged
Conversation
Two bugs kept the Sync .lock files job from running for 3007.x PRs, leaving lock files stale: - on.pull_request.branches omitted 3007.x (it only listed master and 3006.x), so the workflow never triggered for PRs targeting 3007.x. Add all four release branches. - The actor guard only matched 'dependabot', so it skipped whenever the salt-pr-bot rebase bot re-pushed a branch. Also fire for salt-pr-bot.
twangboy
approved these changes
Jul 1, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Make the automated Dependabot lock-file sync actually run for
3007.xPRs.Two bugs in
.github/workflows/dependabot-sync.ymlkept theSync .lock filesjob from running on
3007.x, which is why recent Dependabot PRs landed with stale/ inconsistent lock files:
on.pull_request.branchesonly listedmasterand3006.x, so the workflow never triggered for PRs whose base is3007.x. Nowlists all four release branches.
dependabot; it skipped whenever thesalt-pr-botrebase bot re-pushed the branch (github.actorbecomessalt-pr-bot[bot]). Now also fires forsalt-pr-bot.Notes
3007.xalready relocks clean.ignorerules for vcert/pylint live in the companionmasterPR (Dependabot only reads config from the default branch).Follow-up
Once this and the companion branch PRs merge, the stale Dependabot PRs
(#69586–#69589) can be closed so Dependabot regenerates fresh ones.