build(ci) dependabot workflows are run in a special context as a forked PR. Due security reasons it does not have access to the secrets from the base branch. Disable build steps if the github actor is dependeabot

Author: erinxocon

.github/workflows/ci.yml

@@ -12,8 +12,8 @@ jobs:
       - name: Checkout
         uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 #v6.0.3
         with:
-          fetch-depth: 0
-          lfs: true
+          fetch-depth: ${{ github.actor == 'dependabot[bot]' && 1 || 0 }}
+          lfs: ${{ github.actor != 'dependabot[bot]' }}
 
       - name: Setup pnpm
         uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 #v6.0.9
@@ -31,6 +31,7 @@ jobs:
         run: pnpm format:check
 
       - name: Restore cache from S3
+        if: github.actor != 'dependabot[bot]'
         run: |
           aws s3 cp s3://${{ secrets.STAGING_AWS_S3_BUCKET }}/cache/${{ github.event.repository.name }}/astro-cache.tar.zst astro-cache.tar.zst || true
           tar -xf astro-cache.tar.zst --use-compress-program "zstdmt" || true
@@ -40,4 +41,5 @@ jobs:
           AWS_DEFAULT_REGION: ${{ secrets.STAGING_AWS_REGION }}
 
       - name: Build
+        if: github.actor != 'dependabot[bot]'
         run: pnpm build