Skip to content

Fix dependabot lock-sync workflow triggering on 3007.x#69629

Merged
dwoz merged 1 commit into
3007.xfrom
dwoz/dependabot-sync-fix-3007.x
Jul 1, 2026
Merged

Fix dependabot lock-sync workflow triggering on 3007.x#69629
dwoz merged 1 commit into
3007.xfrom
dwoz/dependabot-sync-fix-3007.x

Conversation

@dwoz

@dwoz dwoz commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

What

Make the automated Dependabot lock-file sync actually run for 3007.x PRs.

Two bugs in .github/workflows/dependabot-sync.yml kept the Sync .lock files
job from running on 3007.x, which is why recent Dependabot PRs landed with stale
/ inconsistent lock files:

  • Branch-filter gap: on.pull_request.branches only listed master and
    3006.x, so the workflow never triggered for PRs whose base is 3007.x. Now
    lists all four release branches.
  • Actor guard: the job only fired for dependabot; it skipped whenever the
    salt-pr-bot rebase bot re-pushed the branch (github.actor becomes
    salt-pr-bot[bot]). Now also fires for salt-pr-bot.

Notes

  • No requirements changes: 3007.x already relocks clean.
  • The Dependabot ignore rules for vcert/pylint live in the companion
    master PR (Dependabot only reads config from the default branch).

Follow-up

Once this and the companion branch PRs merge, the stale Dependabot PRs
(#69586#69589) can be closed so Dependabot regenerates fresh ones.

Two bugs kept the Sync .lock files job from running for 3007.x PRs, leaving lock
files stale:

- on.pull_request.branches omitted 3007.x (it only listed master and 3006.x), so
  the workflow never triggered for PRs targeting 3007.x. Add all four release
  branches.
- The actor guard only matched 'dependabot', so it skipped whenever the
  salt-pr-bot rebase bot re-pushed a branch. Also fire for salt-pr-bot.
@dwoz dwoz requested a review from a team as a code owner July 1, 2026 22:35
@dwoz dwoz merged commit 0abeaf5 into 3007.x Jul 1, 2026
3 checks passed
@dwoz dwoz deleted the dwoz/dependabot-sync-fix-3007.x branch July 1, 2026 22:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants