fix(ci): disable automatic dependabot PRs merge as they do not trigger release

Tomasz Gągor · Tomasz Gągor · commit b44c623f6d1a · 2025-12-05T14:43:19.000+01:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -160,22 +160,22 @@ jobs:
         with:
           sarif_file: trivy-results.sarif
 
-  dependabot:
-    runs-on: ubuntu-latest
-    needs:
-      - build
-    permissions:
-      pull-requests: write
-      contents: write
-    if: ${{ github.actor == 'dependabot[bot]' && github.event_name == 'pull_request'}}
-    steps:
-      - id: metadata
-        uses: dependabot/fetch-metadata@v2
-        with:
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
-      - env:
-          PR_URL: ${{ github.event.pull_request.html_url }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          gh pr review --approve "$PR_URL"
-          gh pr merge --squash --auto "$PR_URL"
+  # dependabot:
+  #   runs-on: ubuntu-latest
+  #   needs:
+  #     - build
+  #   permissions:
+  #     pull-requests: write
+  #     contents: write
+  #   if: ${{ github.actor == 'dependabot[bot]' && github.event_name == 'pull_request'}}
+  #   steps:
+  #     - id: metadata
+  #       uses: dependabot/fetch-metadata@v2
+  #       with:
+  #         github-token: "${{ secrets.GITHUB_TOKEN }}"
+  #     - env:
+  #         PR_URL: ${{ github.event.pull_request.html_url }}
+  #         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  #       run: |
+  #         gh pr review --approve "$PR_URL"
+  #         gh pr merge --squash --auto "$PR_URL"
