ci: allow dependabot PRs to skip deployments to cloudflare#1235
Merged
fhammerschmidt merged 7 commits intomasterfrom Apr 8, 2026
Merged
ci: allow dependabot PRs to skip deployments to cloudflare#1235fhammerschmidt merged 7 commits intomasterfrom
fhammerschmidt merged 7 commits intomasterfrom
Conversation
GitHub restricts secrets for pull_request events triggered by dependabot[bot]. Switch dependabot PRs to pull_request_target, which runs in the base branch context and has access to secrets. - Add pull_request_target trigger - Route dependabot PRs through pull_request_target only - Route all other PRs through pull_request only (no double runs) - Checkout PR head SHA for pull_request_target events
…nto vlk/allow-dependabot-to-merge
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…ang/rescript-lang.org into vlk/allow-dependabot-to-merge
jderochervlk
changed the title
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Cloudflare deploymentDeployement ID: ebe8e590-bda1-4041-b6cc-b30f3c016503 ⛅️ wrangler 4.63.0 (update available 4.81.0) ✨ Uploading _redirects |
fhammerschmidt
approved these changes
Apr 8, 2026
jderochervlk
added a commit
that referenced
this pull request
Apr 9, 2026
* ci: allow dependabot PRs to skip deployments to cloudflare (#1235) * ci: allow dependabot PRs to deploy via pull_request_target GitHub restricts secrets for pull_request events triggered by dependabot[bot]. Switch dependabot PRs to pull_request_target, which runs in the base branch context and has access to secrets. - Add pull_request_target trigger - Route dependabot PRs through pull_request_target only - Route all other PRs through pull_request only (no double runs) - Checkout PR head SHA for pull_request_target events * Update .github/workflows/deploy.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * bypass cloudflare * Simplify deploy job condition in workflow file * Fix conditional syntax in deploy workflow steps --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * fix: patch marked ReDoS vulnerability (CVE-2022-21681) via Yarn resolution override (#1236) * Initial plan * fix: upgrade marked to 4.0.10 via resolutions to fix ReDoS (GHSA-5v2h-r2cx-5xgj) Agent-Logs-Url: https://github.com/rescript-lang/rescript-lang.org/sessions/9eb986e6-cb64-40d5-ac83-ff5bdd72d561 Co-authored-by: jderochervlk <60623931+jderochervlk@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: jderochervlk <60623931+jderochervlk@users.noreply.github.com> * feat: split community pages out of MdxRoute into CommunityRoute (#1223) - Create CommunityRoute.res with dedicated loader and community sidebar - Register communityRoutes in routes.res, filter community from mdxRoutes - Remove communityTableOfContents, community branches from MdxRoute * fix: Add .resi file for CommunityRoute.jsx (#1238) * Add Cypress E2E testing with ReScript bindings and CI integration (#1239) * Add Cypress E2E testing with ReScript bindings and CI integration - Add Cypress config and support files for E2E tests - Add ReScript bindings for Cypress in e2e/bindings - Add navigation E2E test in e2e/Navigation_.cy.res - Update .gitignore for e2e artifacts - Add Cypress and E2E scripts to package.json - Add e2e to rescript.json dev sources - Update GitHub Actions to run E2E tests after deploy * Use Cypress GitHub Action for E2E tests in deploy workflow * pr feedback * wait again * configure retries * change type name * Initial plan --------- Co-authored-by: Josh Vlk <josh@vlkpack.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: jderochervlk <60623931+jderochervlk@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request updates the deployment workflow to prevent certain steps from running when the workflow is triggered by Dependabot. Specifically, the deployment and pull request comment steps will now be skipped if the actor is Dependabot.
Workflow condition updates:
.github/workflows/deploy.ymlso it does not run when the workflow is triggered bydependabot[bot].dependabot[bot].