Review Dependabot minor and major updates with Claude Code #19
danielorbach merged 14 commits into main from
Conversation
The agent determines whether to approve on its own.
Major updates may contain breaking changes that warrant human review. Claude analyzes the diff, fetches release notes and changelogs, and posts a review comment with migration notes, but does NOT approve or merge. The --disallowedTools flag explicitly prevents gh pr review --approve, providing a safety net beyond the prompt instruction.
Three issues addressed:
1. Bot actor validation: claude-code-action v1.0.30 added checkHumanActor validation that rejects bot-triggered workflows by default. The allowed_bots input opts in Dependabot explicitly.
2. Repository context: without a local checkout, gh commands fail to infer the repository. GH_REPO provides this context explicitly.
3. Tool scoping: minor reviews are restricted to gh pr diff/view/review. Major reviews additionally allow WebFetch and WebSearch for changelog research but explicitly disallow approval commands. --max-turns caps prevent runaway behavior (25 minor, 50 major).
Separates the non-deterministic Claude approval from the deterministic merge operation, making the workflow behavior more predictable. Reorders steps so reviews come first, then merges (patch and minor).
Adds ASCII diagram of the review & merge paths, notes on pull_request vs pull_request_target (OIDC limitation with Dependabot PRs), and squash commit body overrides.
Explains that enabling commit signing would allow Claude to commit via MCP, which is undesirable for dependency review workflows.
Pull request overview
Updates the Dependabot auto-merge workflow to add Claude-assisted review for minor and major dependency updates, completing the “review before merge” automation tier that was previously left for humans.
Changes:
- Adds Claude Code Action steps to review minor updates (approve + auto-merge) and analyze major updates (comment-only, human merge).
- Updates workflow permissions and documentation to support Claude’s token generation and least-privilege intent.
- Renames/restructures the workflow/job and expands the in-file documentation describing the decision flow.
A local checkout lets Claude inspect the codebase with Read/Grep/Glob, run Go tooling (go mod graph, go vet), and infer the repo context from the git remote. This eliminates the GH_REPO workaround and the git credential errors that appeared without a working directory. Credentials are not persisted since the review steps use gh (which manages its own token) rather than git push.
The workflow permissions are read-only except for PR approval, which is already guarded by narrow gh pr review scoping (and --disallowedTools for major). The remaining gh subcommands (issue, search, run, workflow, release) are safe to allow and help Claude research context. Go tooling lets Claude verify compilation and inspect the dependency graph.
Semver treats everything before v1.0.0 as unstable: minor bumps in v0.x may contain breaking changes. The prompt now flags this so Claude applies extra scrutiny to pre-v1 minor updates.
d8a88b2 to 0481313
📝 Walkthrough: Replaces the existing Dependabot auto-merge workflow with an enhanced version that integrates Claude API for intelligent code review of dependency updates. The new workflow automates approval and merging of patch and minor updates while routing major updates for Claude-assisted analysis.
The single job interleaved trust decisions (approve, Claude review) with housekeeping (auto-merge with clean commit body). Two jobs make the flow easier to follow and let each job declare only the permissions it needs. Pure structural move: no step logic changes, no new steps.
Major updates now get clean squash commit bodies when a human eventually approves, instead of inheriting the Dependabot changelog.
Squash-merge commits from Dependabot are otherwise indistinguishable from human-merged ones in git log. The trailer makes it easy to filter or audit automated merges.
The merge job only runs gh CLI commands (no checkout, no build tools), so ubuntu-slim is sufficient and faster to provision.
Actionable comments posted: 2
🧹 Nitpick comments (1)
.github/workflows/claudependabot.yml (1)
130-135: Potential gap in --disallowedTools pattern. The current disallow patterns block gh pr review --approve:* and gh pr review -a:*, but gh CLI allows combined short flags. For example, gh pr review -ab "message" (approve with body) might not match either pattern. Consider also blocking patterns like Bash(gh pr merge:*) to prevent direct merge attempts. The prompt instruction on line 127 provides defense-in-depth, but tightening the tool restrictions would add an extra layer.
🔧 Suggested additional disallowed patterns
    --allowedTools "Bash(go:*),WebFetch,WebSearch"
    --disallowedTools "Bash(gh pr review --approve:*),Bash(gh pr review -a:*)"
  + --disallowedTools "Bash(gh pr merge:*),Bash(gh pr close:*)"
    --max-turns 25
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/claudependabot.yml:
- Around line 167-178: The auto-merge step ("Auto-merge minor") currently runs
whenever the review job completes even if Claude did not approve; change the
merge condition to require an explicit approval output/label from the review job
(e.g., have the review job emit outputs.approved = 'true' or set a label like
"claude-approved") and update the if expression to check both update-type ==
'version-update:semver-minor' AND the review approval (for example: if:
steps.metadata.outputs.update-type == 'version-update:semver-minor' &&
needs.claude-review.outputs.approved == 'true'), or alternatively call the
GitHub API to verify an actual PR approval before running gh pr merge; also
adjust the PR body message so it only claims "reviewed by Claude" when approved.
- Around line 61-68: The workflow uses a non-existent checkout action version
"actions/checkout@v6"; update the checkout step to a valid release such as
"actions/checkout@v5" or a pinned "actions/checkout@v5.0.0" by replacing the
"uses" value referencing actions/checkout@v6 with the chosen valid tag, keeping
the existing "persist-credentials: false" line unchanged to preserve the
security behavior.
---
Nitpick comments:
In @.github/workflows/claudependabot.yml:
- Around line 130-135: The --disallowedTools list in the claude_args block is
too narrow: update the --disallowedTools entry to include patterns that cover
combined short flags and merge commands (e.g., add patterns like Bash(gh pr
review -a*:*), Bash(gh pr review -ab*:*), Bash(gh pr review -am*:*), Bash(gh pr
review -ba*:*), and Bash(gh pr review -a*), plus Bash(gh pr merge:*), Bash(gh pr
merge -y:*), etc.) so that combined short-flag usages and direct merge attempts
are blocked; modify the existing --disallowedTools string in the claude_args
section to append these additional Bash(...) patterns.
📒 Files selected for processing (2)
- .github/workflows/claudependabot.yml
- .github/workflows/dependabot-automerge.yml
💤 Files with no reviewable changes (1)
- .github/workflows/dependabot-automerge.yml
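The review comment above argues that string-prefix deny patterns such as Bash(gh pr review -a:*) can miss a combined short-flag cluster like -ab. The following added example (not code from this PR or from claude-code-action) contrasts a prefix matcher with a flag-aware classifier for gh pr review; it assumes Bash(cmd:*) means "block any command whose leading words equal cmd", which is an assumption to check against the Claude Code docs for your version.

```python
"""Compare prefix-style deny patterns with a flag-aware check for gh pr review."""
import shlex

# Deny patterns quoted in the PR thread. Prefix semantics are assumed here:
# 'Bash(cmd:*)' blocks any command whose leading words equal cmd.
DENY_PATTERNS = ["Bash(gh pr review --approve:*)", "Bash(gh pr review -a:*)"]

# gh pr review flags that consume a value (from gh CLI help; -b/--body, -F/--body-file).
VALUE_FLAGS = {"-b", "--body", "-F", "--body-file"}
VALUE_SHORT = {"b", "F"}


def _prefix(pattern):
    """Strip the Bash( ... ) wrapper and a trailing ':*' wildcard."""
    inner = pattern[len("Bash("):-1]
    return inner[:-2] if inner.endswith(":*") else inner


def prefix_denied(command, patterns=DENY_PATTERNS):
    """True if the command's leading words equal some pattern's prefix words."""
    words = shlex.split(command)
    prefixes = (shlex.split(_prefix(p)) for p in patterns)
    return any(words[:len(p)] == p for p in prefixes)


def is_pr_approval(command):
    """True if the invocation would approve a PR, after pflag-style option parsing."""
    words = shlex.split(command)
    if words[:3] != ["gh", "pr", "review"]:
        return False
    rest = iter(words[3:])
    for w in rest:
        if w == "--":                          # end of options
            break
        if w == "--approve":
            return True
        if w in VALUE_FLAGS:                   # value is the next word; skip it
            next(rest, None)
        elif w.startswith("-") and not w.startswith("--"):
            for ch in w[1:]:                   # short-flag cluster, e.g. -ab
                if ch == "a":
                    return True
                if ch in VALUE_SHORT:          # rest of the cluster is the value
                    break
    return False


def find_gaps(commands):
    """Approvals (per flag parsing) that the prefix deny list would let through."""
    return [c for c in commands if is_pr_approval(c) and not prefix_denied(c)]
```

The gap list is what motivates keeping the approval capability out of the token entirely (the major-update job has no approve path) rather than relying on command-string deny rules alone.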

The existing Dependabot workflow auto-approves and merges patch updates but left minor and major updates for human review (see #16). This completes the three-tier automation by replacing those TODOs with Claude-assisted review.
Minor updates are reviewed and auto-merged if Claude approves. Major updates receive analysis with migration notes and changelog research, but require a human to approve and merge. Tool permissions follow a least-privilege model: gh pr review commands are narrowly scoped, and major reviews explicitly disallow approval via --disallowedTools. The minor review prompt flags v0.x dependencies, where semver permits breaking changes in minor bumps.
Review and merge are split into separate jobs so each can declare its own least-privilege permission set: the review job holds id-token: write for Claude's OIDC tokens but only contents: read, while the merge job holds contents: write but no id-token. This follows the principle of least privilege at the job level, narrowing the blast radius of each token.
The Claude Code "app" integration for issues and PRs (originally planned in #5) was dropped in favor of the local Claude Code experience; the prior attempt is preserved in #18.
Closes #6.