diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml index b14868e..bbfd7ed 100644 --- a/.github/workflows/claude-code-review.yml +++ b/.github/workflows/claude-code-review.yml @@ -12,11 +12,11 @@ on: jobs: claude-review: - # Optional: Filter by PR author - # if: | - # github.event.pull_request.user.login == 'external-contributor' || - # github.event.pull_request.user.login == 'new-developer' || - # github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR' + # Skip Dependabot PRs — GitHub does not expose repo secrets (including + # CLAUDE_CODE_OAUTH_TOKEN) to dependabot-triggered runs, so the action + # exits with an empty-credential failure on every dep bump. The diff is + # also low-signal for review (version bumps, not behavior changes). + if: github.actor != 'dependabot[bot]' runs-on: ubuntu-latest permissions: