ci(dependabot): require reviewer on all Dependabot PRs#18
Conversation
Prevents auto-merge of broken action bumps (like checkout@v6 which broke all CI). Dependabot PRs now request review from cubehouse before they can be merged. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Updates Dependabot configuration to request a human reviewer on all Dependabot-generated PRs, aiming to reduce unattended merges of potentially breaking updates.
Changes:
- Add a default reviewer (
cubehouse) for npm Dependabot PRs. - Add a default reviewer (
cubehouse) for GitHub Actions Dependabot PRs.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| reviewers: | ||
| - 'cubehouse' |
There was a problem hiding this comment.
Adding reviewers will request a review from cubehouse, but it does not require approval nor does it inherently block auto-merge. If the goal is to prevent auto-merging breaking updates, ensure branch protection rules require at least one approval (or disable auto-merge for Dependabot PRs) in addition to this config change.
| reviewers: | ||
| - 'cubehouse' |
There was a problem hiding this comment.
Same as above: reviewers only adds a requested reviewer; it won’t enforce human approval or prevent auto-merge by itself. To meet the PR intent, pair this with branch protection requiring approvals (or auto-merge restrictions) for Dependabot PRs.
Prevents future auto-merge of breaking action bumps.