From 0b08ea80c9c7dde8c2b4ac21a04ea30266a93b63 Mon Sep 17 00:00:00 2001 From: Kentaro Ohkouchi Date: Wed, 3 Jun 2026 07:21:20 +0900 Subject: [PATCH] =?UTF-8?q?ci:=20Dependabot=20=E5=88=A4=E5=AE=9A=E3=82=92?= =?UTF-8?q?=20github.actor=20=E3=81=8B=E3=82=89=20PR=20=E4=BD=9C=E6=88=90?= =?UTF-8?q?=E8=80=85=E3=81=B8=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 前回の `if: github.actor != 'dependabot[bot]'` は意図どおり動かなかった。 github.actor は「実行を引き起こしたユーザー」を指すため、別 PR をマージして Dependabot PR が自動 rebase された際、実行が人間(マージした本人)に帰属し スキップされなかった。PR 作成者を見る pull_request.user.login で判定すれば、 誰が再実行を誘発しても Dependabot PR を安定して識別できる。 Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/workflows/claude-code-review.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml index 9e7848f..75790e4 100644 --- a/.github/workflows/claude-code-review.yml +++ b/.github/workflows/claude-code-review.yml @@ -16,7 +16,12 @@ jobs: # the actions/checkout SHA), which makes claude-code-action's OIDC token exchange # fail with "Workflow validation failed" because the workflow no longer matches the # version on the default branch. Skipping avoids that expected, unavoidable failure. - if: github.actor != 'dependabot[bot]' + # + # Use the PR author (pull_request.user.login), NOT github.actor: github.actor is + # whoever triggered the run, so when merging another PR causes Dependabot to rebase + # this one, the run is attributed to the human merger and the check would not be + # skipped. The PR author stays 'dependabot[bot]' regardless of who triggers the run. + if: github.event.pull_request.user.login != 'dependabot[bot]' # Optional: Filter by PR author # if: |