diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index 3b9b66d18..184a31c65 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -14,7 +14,7 @@ steps: if: build.branch != "master" - wait: - if: build.pull_request.repository.fork != true && build.branch !~ /^renovate\/.*/ + if: build.pull_request.repository.fork != true && build.branch !~ /^(dependabot|renovate)\/.*/ # Manual intervention by team required to deploy for forked PRs (prevent secret leakage). - block: "Public fork needs approval" @@ -32,7 +32,7 @@ steps: - label: ":rocket: Setup Deployment" command: ".buildkite/deployment.sh | buildkite-agent pipeline upload" depends_on: ~ - if: build.branch != "master" && build.branch !~ /^renovate\/.*/ && build.pull_request.repository.fork != true + if: build.branch != "master" && build.branch !~ /^(dependabot|renovate)\/.*/ && build.pull_request.repository.fork != true # Removed dependency optimisation for forked PRs to enforce block step. - label: ":rocket: Setup Deployment" diff --git a/.buildkite/steps/buildimages.sh b/.buildkite/steps/buildimages.sh index 5ff2b6753..c031e0392 100755 --- a/.buildkite/steps/buildimages.sh +++ b/.buildkite/steps/buildimages.sh @@ -33,7 +33,7 @@ cat << EOF EOF else cat << EOF - if: build.branch !~ /^renovate\/.*/ + if: build.branch !~ /^(dependabot|renovate)\/.*/ EOF fi done diff --git a/.github/probot.js b/.github/probot.js index 4916eca8d..8f49a5077 100644 --- a/.github/probot.js +++ b/.github/probot.js @@ -4,6 +4,10 @@ on('pull_request.opened') context => context.payload.pull_request.head.label.slice(0, 9) === 'authelia:' ) + .filter( + context => + context.payload.pull_request.head.ref.slice(0, 11) !== 'dependabot/' + ) .filter( context => context.payload.pull_request.head.ref.slice(0, 9) !== 'renovate/'