After creating a new repository from this template, dependabot automatically broke it.
Example project: https://github.com/srtfisher/working-action-release
PRs that dependabot created and were automerged that broke it:
After those PRs merged, npm ci doesn't pass. Heck, you can even see the failures on those PRs from our CI tests.
The problems comes from https://github.com/alleyinteractive/create-wordpress-plugin/blob/develop/.github/workflows/dependabot-auto-approve.yml and https://github.com/alleyinteractive/create-wordpress-plugin/blob/develop/.github/workflows/dependabot-auto-merge.yml.
When a new repository is created, the branch is unprotected and dependabot can merge at will without making sure the plugin works.
A proposed solution would be to make the auto merge also expect the pull request to have some CI steps on it. Worth investigating.
After creating a new repository from this template, dependabot automatically broke it.
Example project: https://github.com/srtfisher/working-action-release
PRs that dependabot created and were automerged that broke it:
After those PRs merged,
npm cidoesn't pass. Heck, you can even see the failures on those PRs from our CI tests.The problems comes from https://github.com/alleyinteractive/create-wordpress-plugin/blob/develop/.github/workflows/dependabot-auto-approve.yml and https://github.com/alleyinteractive/create-wordpress-plugin/blob/develop/.github/workflows/dependabot-auto-merge.yml.
When a new repository is created, the branch is unprotected and dependabot can merge at will without making sure the plugin works.
A proposed solution would be to make the auto merge also expect the pull request to have some CI steps on it. Worth investigating.