Skip to content

fix(ci): skip Ketryx reporting for Dependabot PRs #381

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
olivermeyer merged 1 commit into from
Jan 9, 2026
Merged

fix(ci): skip Ketryx reporting for Dependabot PRs #381

olivermeyer merged 1 commit into from
Jan 9, 2026

Conversation

@olivermeyer
Copy link
Collaborator

@olivermeyer olivermeyer commented Jan 9, 2026
edited
Loading

Dependabot PRs cannot access repository secrets (in this case KETRYX_PROJECT and KETRYX_API_KEY), to prevent malicious dependency updates from accessing sensitive information. This means the ketryx_report_and_check step fails for all Dependabot PRs (e.g. #379). This is not a new issue but was ignored until now.

In this PR I skip the Ketryx step when the PR is opened by dependabot[bot]. Important:

  • All other CI checks (lint, audit, test, codeql) still run normally for Dependabot PRs
  • The Ketryx report is still generated when the PR is merged to main

@olivermeyer
fix(ci): skip Ketryx reporting for Dependabot PRs
4fe7331 
Dependabot PRs do not have access to regular repository secrets
(KETRYX_PROJECT, KETRYX_API_KEY) due to GitHub security restrictions.
This is by design to prevent malicious dependency updates from
accessing sensitive information.

This change skips the ketryx_report_and_check job when the PR
is opened by dependabot[bot]. All other CI checks (lint, audit,
test, codeql) still run normally for Dependabot PRs.

The Ketryx compliance report will still be generated when the PR
is merged to main, so no compliance tracking is lost.

Fixes issue where PR #379 (dependabot) fails with:
'Missing input project' error

Related to successful PR #380 (user-opened) which has access
to all secrets.
@codecov
Copy link

codecov bot commented Jan 9, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.
see 8 files with indirect coverage changes

@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 9, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@olivermeyer olivermeyer merged commit 9b7631b into main Jan 9, 2026
29 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@neelay-aign neelay-aign neelay-aign approved these changes

@helmut-hoffer-von-ankershoffen helmut-hoffer-von-ankershoffen Awaiting requested review from helmut-hoffer-von-ankershoffen helmut-hoffer-von-ankershoffen is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@olivermeyer @neelay-aign