Fix dependabot YAML parse and drop dead label references

Zanges · claude · Zanges · commit 0252af70b194 · 2026-05-21T17:36:48.000+02:00
The Approve PR step in dependabot-automerge.yml had an inline
`${{ steps.decide.outputs.reason }}` expansion inside an unquoted
flow-scalar `run:` value. The expansion produces a string containing
`: ` (e.g. "major update — manual review required"), which strict YAML
parsers reject with "mapping values are not allowed here." GitHub
Actions' parser was lenient enough to run it, but Dependabot's parser
failed the file and refused to update PRs, posting "Dependabot can't
parse your dependabot-automerge.yml" on every dependency PR.

Fix: move the interpolation into env: (REASON) and switch all three
`run:` lines to block scalars. This also matches the GitHub-recommended
pattern that protects against shell injection if an upstream value ever
contains shell metacharacters.

Also drops references to labels that were removed in the label-cleanup
pass (feature, fix, chore) from release.yml's changelog config; those
labels no longer exist on the repo so their bucket entries were dead.

Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/.github/release.yml b/.github/release.yml
@@ -8,19 +8,16 @@ changelog:
     - title: Features
       labels:
         - enhancement
-        - feature
     - title: Bug Fixes
       labels:
         - bug
-        - fix
     - title: Dependencies
       labels:
         - dependencies
     - title: Internal
       labels:
         - internal
         - refactor
-        - chore
         - tests
         - ci
         - docs
diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml
@@ -70,19 +70,23 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_URL: ${{ github.event.pull_request.html_url }}
-        run: gh pr review --approve "$PR_URL" --body "Auto-approved: ${{ steps.decide.outputs.reason }}."
+          REASON: ${{ steps.decide.outputs.reason }}
+        run: |
+          gh pr review --approve "$PR_URL" --body "Auto-approved: $REASON."
 
       - name: Enable auto-merge (squash)
         if: steps.decide.outputs.should_merge == 'true'
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_URL: ${{ github.event.pull_request.html_url }}
-        run: gh pr merge --auto --squash "$PR_URL"
+        run: |
+          gh pr merge --auto --squash "$PR_URL"
 
       - name: Leave a note for manual review
         if: steps.decide.outputs.should_merge != 'true'
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_URL: ${{ github.event.pull_request.html_url }}
+          REASON: ${{ steps.decide.outputs.reason }}
         run: |
-          gh pr comment "$PR_URL" --body "Auto-merge skipped: ${{ steps.decide.outputs.reason }}. Review manually."
+          gh pr comment "$PR_URL" --body "Auto-merge skipped: $REASON. Review manually."
