This is an automated email from the ASF dual-hosted git repository.

jamesnetherton pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-quarkus.git


The following commit(s) were added to refs/heads/main by this push:
     new b7c2608a58 chore: Add PR author validation to dependabot workflow
b7c2608a58 is described below

commit b7c2608a5820d3593101a69896a86a12422eeb2b
Author: James Netherton <[email protected]>
AuthorDate: Wed May 20 16:18:14 2026 +0100

    chore: Add PR author validation to dependabot workflow
    
    Include PR author information in the CI workflow artifact and validate
    it in the synchronize workflow before executing privileged operations.
    
    Co-authored-by: Claude Sonnet 4.5 <[email protected]>
---
 .github/workflows/ci-build.yaml                      | 1 +
 .github/workflows/synchronize-dependabot-branch.yaml | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index d3ad4a8d30..9ffafd353a 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -135,6 +135,7 @@ jobs:
               echo ${{ github.head_ref }} > ./dependabot-pr/BRANCH_REF
               echo ${{ github.event.pull_request.head.sha }} > 
./dependabot-pr/PR_HEAD_SHA
               echo "$GITHUB_REF" | awk -F / '{print $3}' >  
./dependabot-pr/PR_NUMBER
+              echo ${{ github.event.pull_request.user.login }} > 
./dependabot-pr/PR_AUTHOR
               git diff -p --binary > ./dependabot-pr/changes.patch
 
               echo "continue-build=false" >> $GITHUB_OUTPUT
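Review bot: The added `echo ${{ github.event.pull_request.user.login }} > ./dependabot-pr/PR_AUTHOR` splices the expression into the script text unquoted, so the shell parses the value instead of treating it as data; the `[bot]` suffix, for instance, is a glob bracket expression. Passing it through the step's `env:` block (`PR_AUTHOR: ${{ github.event.pull_request.user.login }}`) and writing `printf '%s\n' "$PR_AUTHOR" > ./dependabot-pr/PR_AUTHOR` keeps it out of the script source. The neighbouring `github.head_ref` context line uses the same inline pattern and would benefit from the same treatment. The run step begins and ends outside the hunk.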
diff --git a/.github/workflows/synchronize-dependabot-branch.yaml 
b/.github/workflows/synchronize-dependabot-branch.yaml
index 592b2d35df..4320553ec1 100644
--- a/.github/workflows/synchronize-dependabot-branch.yaml
+++ b/.github/workflows/synchronize-dependabot-branch.yaml
@@ -82,6 +82,11 @@ jobs:
               exit 1
             fi
 
+            PR_AUTHOR=$(cat /home/runner/work/dependabot-pr/PR_AUTHOR)
+            if [[ "${PR_AUTHOR}" != "dependabot[bot]" ]]; then
+              exit 1
+            fi
+
             echo "branch-ref=$(cat 
/home/runner/work/dependabot-pr/BRANCH_REF)" >> $GITHUB_OUTPUT
             echo "pr-head-sha=${PR_HEAD_SHA}" >> $GITHUB_OUTPUT
             echo "pr-number=${PR_NUMBER}" >> $GITHUB_OUTPUT
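Review bot: The value compared in `PR_AUTHOR=$(cat /home/runner/work/dependabot-pr/PR_AUTHOR)` is read from the artifact uploaded by the CI run, so the check is only as trustworthy as that artifact. If the CI workflow can execute with content from an untrusted pull request, the file is attacker-influenced. Consider taking the author from data the privileged workflow obtains itself, and treating the artifact copy as a cross-check at most. If this job is triggered by `workflow_run` (not visible in the hunk), that could be `${{ github.event.workflow_run.actor.login }}` passed via `env:`. The failure branch also exits silently; a fixed message such as `echo "PR author is not dependabot[bot]; refusing to continue" >&2` before `exit 1` would make rejected runs diagnosable without echoing the untrusted value. The run step starts and ends outside the hunk.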
