Skip to content

ci(dependabot): require reviewer on all Dependabot PRs#18

Merged
cubehouse merged 1 commit intomainfrom
ci/dependabot-reviewers
Apr 20, 2026
Merged

ci(dependabot): require reviewer on all Dependabot PRs#18
cubehouse merged 1 commit intomainfrom
ci/dependabot-reviewers

Conversation

@cubehouse
Copy link
Copy Markdown
Member

Prevents future auto-merge of breaking action bumps.

Prevents auto-merge of broken action bumps (like checkout@v6 which
broke all CI). Dependabot PRs now request review from cubehouse
before they can be merged.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings April 20, 2026 09:07
@cubehouse cubehouse merged commit 6b8fad0 into main Apr 20, 2026
5 checks passed
@cubehouse cubehouse deleted the ci/dependabot-reviewers branch April 20, 2026 09:08
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates Dependabot configuration to request a human reviewer on all Dependabot-generated PRs, aiming to reduce unattended merges of potentially breaking updates.

Changes:

  • Add a default reviewer (cubehouse) for npm Dependabot PRs.
  • Add a default reviewer (cubehouse) for GitHub Actions Dependabot PRs.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/dependabot.yml
Comment on lines +10 to +11
reviewers:
- 'cubehouse'
Copy link

Copilot AI Apr 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding reviewers will request a review from cubehouse, but it does not require approval nor does it inherently block auto-merge. If the goal is to prevent auto-merging breaking updates, ensure branch protection rules require at least one approval (or disable auto-merge for Dependabot PRs) in addition to this config change.

Copilot uses AI. Check for mistakes.
Comment thread .github/dependabot.yml
Comment on lines +36 to +37
reviewers:
- 'cubehouse'
Copy link

Copilot AI Apr 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as above: reviewers only adds a requested reviewer; it won’t enforce human approval or prevent auto-merge by itself. To meet the PR intent, pair this with branch protection requiring approvals (or auto-merge restrictions) for Dependabot PRs.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants