fix: add workflow_dispatch trigger to dependabot-rebase workflow

[don-petry]

Adds workflow_dispatch to allow manual triggering of the Dependabot rebase workflow to flush the PR queue after batch updates. See petry-projects/.github#139

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Warning

Rate limit exceeded

@don-petry has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 58 minutes and 53 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 58 minutes and 53 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: c167e35f-0994-4f43-9d21-9d3033d920cd

📥 Commits

Reviewing files that changed from the base of the PR and between a13e964 and db0d8c9.

📒 Files selected for processing (1)

• .github/workflows/dependabot-rebase.yml

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/dependabot-rebase-dispatch

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR adds a manual trigger to the existing Dependabot rebase “thin caller” workflow so maintainers can run it on-demand to flush the Dependabot PR queue after batch updates.

Changes:

• Add workflow_dispatch to .github/workflows/dependabot-rebase.yml so the workflow can be triggered manually.

[Copilot]

This adds a new trigger event (workflow_dispatch) but the header comment for this workflow explicitly says the caller stub "MUST NOT change: trigger event" and to instead open a PR against the central reusable/source-of-truth. To keep this repo in sync, please make this change in the org-level standard workflow (or update from the source-of-truth) rather than customizing the trigger here.

Suggested change

workflow_dispatch: # allow manual trigger to flush Dependabot PR queue

[don-petry]

Automated review — APPROVED

Risk: LOW
Reviewed commit: db0d8c9d9106779d63c77b8d9667344a59ea6f14
Cascade: triage → deep (see triage: haiku 4.5 → deep: sonnet 4.6 + duck: gpt-5.4 → audit: opus 4.6 for models)

Summary

PR adds a bare workflow_dispatch trigger (no inputs) to the Dependabot rebase workflow, allowing authorized maintainers to manually flush the PR queue. All CI checks pass (CodeQL, SonarCloud, AgentShield, Node.js/Playwright tests) with zero new issues or security hotspots. The triage escalation was caused by a system error (triage-output-invalid), not a genuine risk signal.

Findings

Info

• .github/workflows/dependabot-rebase.yml:31 — workflow_dispatch without inputs is a safe, standard pattern; it only grants manual trigger capability to users with repository write access. No injection risk. (category: github-actions)
• All status checks succeeded: CodeQL, SonarCloud (0 issues, 0 security hotspots), AgentShield, CI Pipeline, Node.js Tests, Playwright UI Tests, Dependency audit. (category: ci)

CI status

All status checks passed: CodeQL, SonarCloud (0 issues, 0 security hotspots), AgentShield, CI Pipeline, Node.js Tests, Playwright UI Tests, Dependency audit.

---

Reviewed by the don-petry PR-review cascade (triage: haiku 4.5 → deep: sonnet 4.6 + duck: gpt-5.4 → audit: opus 4.6). Reply with @don-petry if you need a human.

[don-petry]

Superseded by # which adopts the full standard verbatim including workflow_dispatch and the corrected SHA.