From 1e46ec6c44e02d6cac0154d21833d7c6c69afc69 Mon Sep 17 00:00:00 2001
From: James Elliott <james-d-elliott@users.noreply.github.com>
Date: Wed, 10 Mar 2021 15:53:33 +1100
Subject: [PATCH] ci: restore dependabot rules (#1797)

Restores the dependabot rules in buildkite for the purpose of security fixes which are handled by dependabot still.
---
 .buildkite/pipeline.yml         | 4 ++--
 .buildkite/steps/buildimages.sh | 2 +-
 .github/probot.js               | 4 ++++
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml
index 3b9b66d18..184a31c65 100644
--- a/.buildkite/pipeline.yml
+++ b/.buildkite/pipeline.yml
@@ -14,7 +14,7 @@ steps:
     if: build.branch != "master"
 
   - wait:
-    if: build.pull_request.repository.fork != true && build.branch !~ /^renovate\/.*/
+    if: build.pull_request.repository.fork != true && build.branch !~ /^(dependabot|renovate)\/.*/
 
   # Manual intervention by team required to deploy for forked PRs (prevent secret leakage).
   - block: "Public fork needs approval"
@@ -32,7 +32,7 @@ steps:
   - label: ":rocket: Setup Deployment"
     command: ".buildkite/deployment.sh | buildkite-agent pipeline upload"
     depends_on: ~
-    if: build.branch != "master" && build.branch !~ /^renovate\/.*/ && build.pull_request.repository.fork != true
+    if: build.branch != "master" && build.branch !~ /^(dependabot|renovate)\/.*/ && build.pull_request.repository.fork != true
 
   # Removed dependency optimisation for forked PRs to enforce block step.
   - label: ":rocket: Setup Deployment"
diff --git a/.buildkite/steps/buildimages.sh b/.buildkite/steps/buildimages.sh
index 5ff2b6753..c031e0392 100755
--- a/.buildkite/steps/buildimages.sh
+++ b/.buildkite/steps/buildimages.sh
@@ -33,7 +33,7 @@ cat << EOF
 EOF
 else
 cat << EOF
-    if: build.branch !~ /^renovate\/.*/
+    if: build.branch !~ /^(dependabot|renovate)\/.*/
 EOF
 fi
   done
diff --git a/.github/probot.js b/.github/probot.js
index 4916eca8d..8f49a5077 100644
--- a/.github/probot.js
+++ b/.github/probot.js
@@ -4,6 +4,10 @@ on('pull_request.opened')
         context =>
             context.payload.pull_request.head.label.slice(0, 9) === 'authelia:'
     )
+    .filter(
+        context =>
+            context.payload.pull_request.head.ref.slice(0, 11) !== 'dependabot/'
+    )
     .filter(
         context =>
             context.payload.pull_request.head.ref.slice(0, 9) !== 'renovate/'