Commit f1de552
authored
Remove dependabot restriction (#258)
Previously dependabot PRs were skipped as secret access was restricted.
GitHub has since added dependabot secrets, making the blanket skip
unnecessary and actively harmful to users that depend on private BSR
modules during dependabot PRs.
The guard is redundant because the action already handles this correctly
without it:
- login() skips gracefully when no token is provided, so dependabot runs
without a configured BUF_TOKEN behave identically to before.
- push and archive default to false for pull_request events (which
dependabot triggers), so there is no risk of accidental publishing.
- pr_comment has a fork check built into its default expression.
- lint, format, and breaking default to true on PRs, which is correct
behavior for dependabot PRs as well.
The only behavioral change is for users who have configured a BUF_TOKEN
dependabot secret: those runs will now log in to the BSR, allowing buf
to resolve private dependencies. Users without a dependabot secret see
no change.
Closes #2551 parent 219c9ae commit f1de552
2 files changed
Lines changed: 0 additions & 8 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
105975 | 105975 | | |
105976 | 105976 | | |
105977 | 105977 | | |
105978 | | - | |
105979 | | - | |
105980 | | - | |
105981 | | - | |
105982 | 105978 | | |
105983 | 105979 | | |
105984 | 105980 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
63 | 63 | | |
64 | 64 | | |
65 | 65 | | |
66 | | - | |
67 | | - | |
68 | | - | |
69 | | - | |
70 | 66 | | |
71 | 67 | | |
72 | 68 | | |
| |||
0 commit comments