fix(workflows): allow dependabot PRs and handle missing secrets gracefully

alirezarezvani · claude · alirezarezvani · commit 0304bc4031d5 · 2025-11-07T01:04:45.000+01:00
1. dev-to-main.yml: - Allow dependabot PRs to bypass source branch validation - Dependabot PRs can merge directly to main for dependency updates - Regular PRs still require dev → main flow 2. claude-code-review.yml: - Skip entirely for dependabot PRs (no AI review needed for deps) - Check if CLAUDE_CODE_OAUTH_TOKEN is configured before running - Skip gracefully with warning if secret is missing - Prevents workflow failures when secret is not configured This fixes failing PR checks for dependabot PRs. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml
@@ -12,8 +12,11 @@ on:
 
 jobs:
   claude-review:
+    # Skip for dependabot PRs (no need for AI review of dependency updates)
+    if: github.actor != 'dependabot[bot]'
+
     # Optional: Filter by PR author
-    # if: |
+    # Additional filters can be added:
     #   github.event.pull_request.user.login == 'external-contributor' ||
     #   github.event.pull_request.user.login == 'new-developer' ||
     #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
@@ -26,12 +29,27 @@ jobs:
       id-token: write
 
     steps:
+      - name: Check if Claude Code OAuth token is configured
+        id: check-token
+        run: |
+          if [ -z "${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}" ]; then
+            echo "⚠️ CLAUDE_CODE_OAUTH_TOKEN secret is not configured"
+            echo "   Skipping Claude Code Review"
+            echo "   To enable: Add CLAUDE_CODE_OAUTH_TOKEN to repository secrets"
+            echo "skip=true" >> $GITHUB_OUTPUT
+          else
+            echo "✅ CLAUDE_CODE_OAUTH_TOKEN is configured"
+            echo "skip=false" >> $GITHUB_OUTPUT
+          fi
+
       - name: Checkout repository
+        if: steps.check-token.outputs.skip != 'true'
         uses: actions/checkout@v4
         with:
           fetch-depth: 1
 
       - name: Run Claude Code Review
+        if: steps.check-token.outputs.skip != 'true'
         id: claude-review
         uses: anthropics/claude-code-action@v1
         with:
diff --git a/.github/workflows/dev-to-main.yml b/.github/workflows/dev-to-main.yml
@@ -47,7 +47,15 @@ jobs:
       - name: Validate source is dev branch
         run: |
           SOURCE_BRANCH="${{ github.head_ref }}"
-          echo "🔍 Validating source branch: $SOURCE_BRANCH"
+          ACTOR="${{ github.actor }}"
+          echo "🔍 Validating source branch: $SOURCE_BRANCH (Actor: $ACTOR)"
+
+          # Allow dependabot PRs to bypass dev branch requirement
+          if [[ "$ACTOR" == "dependabot[bot]" ]] || [[ "$SOURCE_BRANCH" == dependabot/* ]]; then
+            echo "✅ Dependabot PR - skipping source branch validation"
+            echo "   Dependabot PRs are allowed to merge directly to main"
+            exit 0
+          fi
 
           if [[ "$SOURCE_BRANCH" != "dev" ]]; then
             echo "❌ Invalid source branch: $SOURCE_BRANCH"
