ci: skip Claude Code reviewer on Dependabot PRs #36

Merged
don-petry merged 2 commits into main from fix/skip-claude-for-dependabot
Apr 1, 2026

@don-petry don-petry commented Apr 1, 2026

Summary

  • Adds github.actor != 'dependabot[bot]' condition to the Claude Code workflow's pull_request trigger
  • Prevents the claude check from running (and failing) on Dependabot PRs where CLAUDE_CODE_OAUTH_TOKEN is unavailable
  • Unblocks the dependabot auto-merge workflow when claude is a required status check

Test plan

  • Verify the claude check does not run on Dependabot PRs after merge
  • Verify Claude Code still runs on non-Dependabot PRs and on @claude mentions

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Updated CI workflow configuration to prevent execution on dependabot pull requests and external forks, improving workflow efficiency.

The claude workflow fails on Dependabot PRs because secrets
(CLAUDE_CODE_OAUTH_TOKEN) are not available to the dependabot actor.
This blocks the dependabot auto-merge automation when claude is a
required status check.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings April 1, 2026 02:26

coderabbitai Bot commented Apr 1, 2026

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 4e21ab20-e063-47f4-bfdf-48f713b05666

📥 Commits

Reviewing files that changed from the base of the PR and between bbdb7ce and 08c4152.

📒 Files selected for processing (1)
  • .github/workflows/claude.yml
📝 Walkthrough

Updated the claude GitHub Actions workflow job's pull request trigger condition to add a security gate: requiring that the PR originates from the current repository and excluding dependabot[bot] from triggering the job. Other event conditions remain unchanged.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Workflow Trigger Condition: .github/workflows/claude.yml | Updated pull_request event condition to require PR head repo matches current repository and exclude dependabot[bot] as triggering actor. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

  • Add Claude Code GitHub Action #12: Introduces the same GitHub Actions workflow file with initial job-level trigger conditions; this PR refines those conditions by adding repository validation and dependabot exclusion.
🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly and concisely describes the main change: adding a condition to skip the Claude Code reviewer on Dependabot PRs, which matches the workflow update to prevent the check from running on those PRs. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

Copilot AI left a comment

Pull request overview

This PR updates the Claude Code GitHub Actions workflow to avoid running the claude job for Dependabot-authored pull requests, addressing failures caused by missing CLAUDE_CODE_OAUTH_TOKEN on Dependabot events and helping Dependabot PRs progress through required checks.

Changes:

  • Adds a Dependabot guard to the claude job’s if: expression for pull_request events.
  • Keeps @claude mention-based triggering via issue_comment / pull_request_review_comment unchanged.

Comment thread .github/workflows/claude.yml Outdated

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/claude.yml:
- Around line 18-19: The gating condition currently checks github.actor to
detect Dependabot PRs but github.actor can be a different user for reopened/sync
events; update the workflow conditional expression that uses
"github.event.pull_request.head.repo.full_name == github.repository &&
github.actor != 'dependabot[bot]'" to instead compare the PR author via
github.event.pull_request.user.login (i.e., replace github.actor !=
'dependabot[bot]' with github.event.pull_request.user.login !=
'dependabot[bot]') so Dependabot-authored PRs are consistently excluded.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: b013752a-1fa2-4bcc-bf65-e8734a8d71f1

📥 Commits

Reviewing files that changed from the base of the PR and between e664074 and bbdb7ce.

📒 Files selected for processing (1)
  • .github/workflows/claude.yml

Comment thread .github/workflows/claude.yml Outdated
github.actor reflects who triggered the workflow run (e.g. a maintainer
reopening), not the PR author. Use github.event.pull_request.user.login
for reliable Dependabot detection, consistent with dependabot-automerge.yml.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

sonarqubecloud Bot commented Apr 1, 2026

@don-petry don-petry merged commit 129a209 into main Apr 1, 2026
8 of 9 checks passed
@don-petry don-petry deleted the fix/skip-claude-for-dependabot branch April 1, 2026 02:58
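
The actor-versus-author distinction raised in the review above, as an added example that is not part of this pull request or the repository: a small Python check that flags workflow expressions comparing `github.actor` with a bot login and proposes the `github.event.pull_request.user.login` form. The sample workflow, the function names and the placeholder step are constructed for illustration.

```python
import re

PR_AUTHOR = "github.event.pull_request.user.login"

# github.actor compared with a quoted "<name>[bot]" login, either operand order.
ACTOR_BOT = re.compile(
    r"github\.actor\s*(?:==|!=)\s*'(?P<a>[^']*\[bot\])'"
    r"|'(?P<b>[^']*\[bot\])'\s*(?:==|!=)\s*github\.actor"
)

def find_actor_bot_checks(workflow_text):
    """Return (line_no, bot_login, suggested_expr) for each actor-based bot check."""
    findings = []
    for no, line in enumerate(workflow_text.splitlines(), 1):
        if line.lstrip().startswith("#"):  # ignore whole-line YAML comments
            continue
        for m in ACTOR_BOT.finditer(line):
            suggested = m.group(0).replace("github.actor", PR_AUTHOR)
            findings.append((no, m.group("a") or m.group("b"), suggested))
    return findings

def rewrite(workflow_text):
    """Swap the actor operand for the PR author in every flagged comparison.
    Only meaningful in branches gated on pull_request events, where
    github.event.pull_request is populated."""
    return ACTOR_BOT.sub(
        lambda m: m.group(0).replace("github.actor", PR_AUTHOR), workflow_text)

# Constructed sample workflow (not the repository's claude.yml).
SAMPLE = """\
name: review
on:
  pull_request:
  issue_comment:
    types: [created]
jobs:
  review:
    if: |
      (github.event_name == 'pull_request' &&
       github.event.pull_request.head.repo.full_name == github.repository &&
       github.actor != 'dependabot[bot]') ||
      (github.event_name == 'issue_comment' &&
       contains(github.event.comment.body, '@claude'))
    runs-on: ubuntu-latest
    steps:
      - run: echo "reviewer step (placeholder)"
"""

if __name__ == "__main__":
    for no, bot, fix in find_actor_bot_checks(SAMPLE):
        print(f"line {no}: github.actor used to detect {bot}; use: {fix}")
```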