From 35f27813bc1bc23dab0cfb6b624fc9ddf02d9f10 Mon Sep 17 00:00:00 2001
From: Xuanwo <github@xuanwo.io>
Date: Fri, 6 Mar 2026 00:57:57 +0800
Subject: [PATCH] ci: skip secret-required tests for dependabot PRs

---
 .github/workflows/aws_v4.yml        | 6 +++---
 .github/workflows/azure_storage.yml | 6 +++---
 .github/workflows/google.yml        | 6 +++---
 .github/workflows/tencent_cos.yml   | 2 +-
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/aws_v4.yml b/.github/workflows/aws_v4.yml
index bffc8d37..c18a5a2e 100644
--- a/.github/workflows/aws_v4.yml
+++ b/.github/workflows/aws_v4.yml
@@ -60,12 +60,12 @@ jobs:
       - name: Check if secrets are available
         id: check
         run: |
-          if [[ "${{ github.event_name }}" == "push" || ( "${{ github.event_name }}" == "pull_request" && "${{ github.event.pull_request.head.repo.fork }}" == "false" ) ]]; then
+          if [[ "${{ github.event_name }}" == "push" || ( "${{ github.event_name }}" == "pull_request" && "${{ github.event.pull_request.head.repo.fork }}" == "false" && "${{ github.actor }}" != "dependabot[bot]" ) ]]; then
             echo "has_secrets=true" >> $GITHUB_OUTPUT
-            echo "::notice::Integration tests will be executed (base repository)"
+            echo "::notice::Integration tests will be executed (base repository and non-dependabot PR)"
           else
             echo "has_secrets=false" >> $GITHUB_OUTPUT
-            echo "::warning::Integration tests will be skipped (forked repository or no secrets available)"
+            echo "::warning::Integration tests will be skipped (forked repository, dependabot PR, or no secrets available)"
           fi
 
   # Signing tests - test signature algorithm with static credentials
diff --git a/.github/workflows/azure_storage.yml b/.github/workflows/azure_storage.yml
index 63720a59..b1931c98 100644
--- a/.github/workflows/azure_storage.yml
+++ b/.github/workflows/azure_storage.yml
@@ -60,12 +60,12 @@ jobs:
       - name: Check if secrets are available
         id: check
         run: |
-          if [[ "${{ github.event_name }}" == "push" || ( "${{ github.event_name }}" == "pull_request" && "${{ github.event.pull_request.head.repo.fork }}" == "false" ) ]]; then
+          if [[ "${{ github.event_name }}" == "push" || ( "${{ github.event_name }}" == "pull_request" && "${{ github.event.pull_request.head.repo.fork }}" == "false" && "${{ github.actor }}" != "dependabot[bot]" ) ]]; then
             echo "has_secrets=true" >> $GITHUB_OUTPUT
-            echo "::notice::Integration tests will be executed (base repository)"
+            echo "::notice::Integration tests will be executed (base repository and non-dependabot PR)"
           else
             echo "has_secrets=false" >> $GITHUB_OUTPUT
-            echo "::warning::Integration tests will be skipped (forked repository or no secrets available)"
+            echo "::warning::Integration tests will be skipped (forked repository, dependabot PR, or no secrets available)"
           fi
 
   # Signing tests - test signature algorithm with static credentials
diff --git a/.github/workflows/google.yml b/.github/workflows/google.yml
index c9012578..dee41577 100644
--- a/.github/workflows/google.yml
+++ b/.github/workflows/google.yml
@@ -60,12 +60,12 @@ jobs:
       - name: Check if secrets are available
         id: check
         run: |
-          if [[ "${{ github.event_name }}" == "push" || ( "${{ github.event_name }}" == "pull_request" && "${{ github.event.pull_request.head.repo.fork }}" == "false" ) ]]; then
+          if [[ "${{ github.event_name }}" == "push" || ( "${{ github.event_name }}" == "pull_request" && "${{ github.event.pull_request.head.repo.fork }}" == "false" && "${{ github.actor }}" != "dependabot[bot]" ) ]]; then
             echo "has_secrets=true" >> $GITHUB_OUTPUT
-            echo "::notice::Integration tests will be executed (base repository)"
+            echo "::notice::Integration tests will be executed (base repository and non-dependabot PR)"
           else
             echo "has_secrets=false" >> $GITHUB_OUTPUT
-            echo "::warning::Integration tests will be skipped (forked repository or no secrets available)"
+            echo "::warning::Integration tests will be skipped (forked repository, dependabot PR, or no secrets available)"
           fi
 
   # Signing tests - test signature algorithm with static credentials
diff --git a/.github/workflows/tencent_cos.yml b/.github/workflows/tencent_cos.yml
index 0d4a1a97..b0f8fa30 100644
--- a/.github/workflows/tencent_cos.yml
+++ b/.github/workflows/tencent_cos.yml
@@ -55,7 +55,7 @@ jobs:
     permissions:
       contents: "read"
       id-token: "write"
-    if: github.event_name == 'push' || !github.event.pull_request.head.repo.fork
+    if: github.event_name == 'push' || (!github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]')
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with: