Skip to content

Commit f1de552

Browse files
authored
Remove dependabot restriction (#258)
Previously dependabot PRs were skipped as secret access was restricted. GitHub has since added dependabot secrets, making the blanket skip unnecessary and actively harmful to users that depend on private BSR modules during dependabot PRs. The guard is redundant because the action already handles this correctly without it: - login() skips gracefully when no token is provided, so dependabot runs without a configured BUF_TOKEN behave identically to before. - push and archive default to false for pull_request events (which dependabot triggers), so there is no risk of accidental publishing. - pr_comment has a fork check built into its default expression. - lint, format, and breaking default to true on PRs, which is correct behavior for dependabot PRs as well. The only behavioral change is for users who have configured a BUF_TOKEN dependabot secret: those runs will now log in to the BSR, allowing buf to resolve private dependencies. Users without a dependabot secret see no change. Closes #255
1 parent 219c9ae commit f1de552

2 files changed

Lines changed: 0 additions & 8 deletions

File tree

dist/index.js

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -105975,10 +105975,6 @@ async function main() {
105975105975
lib_core.setOutput(Outputs.BufVersion, bufVersion);
105976105976
lib_core.setOutput(Outputs.BufPath, bufPath);
105977105977
lib_core.saveState(Outputs.BufPath, bufPath);
105978-
if (inputs.github_actor == "dependabot[bot]") {
105979-
lib_core.info("Skipping steps for dependabot");
105980-
return;
105981-
}
105982105978
await login(bufPath, inputs);
105983105979
if (inputs.setup_only) {
105984105980
lib_core.info("Setup only, skipping steps");

src/main.ts

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -63,10 +63,6 @@ async function main() {
6363
core.setOutput(Outputs.BufVersion, bufVersion);
6464
core.setOutput(Outputs.BufPath, bufPath);
6565
core.saveState(Outputs.BufPath, bufPath);
66-
if (inputs.github_actor == "dependabot[bot]") {
67-
core.info("Skipping steps for dependabot");
68-
return;
69-
}
7066
await login(bufPath, inputs);
7167
if (inputs.setup_only) {
7268
core.info("Setup only, skipping steps");

0 commit comments

Comments
 (0)