fix(automerge): gate .github/dependabot.yml + composite actions as risk-tier#112
Conversation
…sk-tier
The claude-author-automerge risk-tier regex covered `.github/workflows/**`
but not sibling non-workflow `.github/` surfaces. On 2026-07-10 ~15:13 UTC
six Claude-authored PRs whose ONLY change was `.github/dependabot.yml`
auto-merged fleet-wide (attaxion_marketing#18, basecamp-mcp#32, hr-center#20,
wxa-secrets#23, wxa_marketing#41, wxa_sanctions#27), contradicting the
CLAUDE.md policy that classifies `.github` production-infra config as
manual click-merge.
Add three enumerated patterns (house style per the 2026-05-24 lesson —
literal-segment alternations, never blanket `.github/**` which would sweep
in README-ish files):
- `^\.github/dependabot\.ya?ml$` dependency-automation config (controls
what auto-merges; can set insecure-external-code-execution)
- `^\.github/actions?/.*` repo-local composite actions, singular
or plural (executed CI code)
- `^\.github/scripts/.*` workflow-invoked scripts (executed CI code)
Plus `(^|/)action\.ya?ml$` — GitHub's reserved action-definition filename
gated at any depth (like the existing Dockerfile/main.go/.sql filename rules),
so actions living outside `.github/action(s)/` are still caught.
Kept auto-mergeable (verified SAFE in the corpus): `.github/ISSUE_TEMPLATE/`,
`PULL_REQUEST_TEMPLATE.md`, `FUNDING.yml`, `actionlint.yml`, root
`dependabot.yml`, and `reaction.yaml`/`transaction.yml` filename lookalikes.
Mirrored into the shared corpus (RISKY + SAFE cases, read by both the GH and
BB selftests) and this repo's `.github/risk-paths.yml` classifier. The BB
counterpart in bb-automerge.py (dotclaude) and the CLAUDE.md/installer policy
prose are updated in lockstep.
Verified: GH + BB selftests green (166 corpus cases), full pytest suite green,
classify.mjs functionally confirmed (dependabot->blocked, action(s)->sensitive,
actionlint/README-ish->non-risk). Codex pre-review: 6 rounds, converged clean.
Auto-merge rationale: MANUAL — touches `.github/workflows/**` (risk-tier) and
PRs to topcoder1/ci-workflows are always manual click-merge.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
|
Risk class: This PR touches one of the blocked path categories from Auto-merge is refused by (This is a policy notice, not a code-quality failure. The classify job itself does not fail — required CI checks remain authoritative for "is the code green.") |
|
Coverage Floor — mode:
|
|
No issues found. Regex additions are correctly anchored, consistent across the workflow/selftest/corpus, and covered by new RISKY+SAFE corpus cases (incl. lookalikes like reaction.yaml/actionlint.yml/root-dependabot.yml). |
Problem
The
claude-author-automergerisk-tier regex covered.github/workflows/**but not the sibling non-workflow.github/surfaces. On 2026-07-10 ~15:13 UTC six Claude-authored PRs whose ONLY change was.github/dependabot.yml(+2/−2) auto-merged fleet-wide:This contradicts the CLAUDE.md policy classifying
.githubproduction-infra config as manual click-merge.Fix — enumerate, don't blanket
Per the 2026-05-24 lesson ("automerge risk-tier globs are literal-segment alternations"), a blanket
.github/**would wrongly sweep in README-ish files. So the added coverage is enumerated:^\.github/dependabot\.ya?ml$insecure-external-code-execution)^\.github/actions?/.*^\.github/scripts/.*(^|/)action\.ya?ml$Dockerfile/main.go/.sqlfilename rules — so actions outside.github/action(s)/are still caughtKept auto-mergeable (pinned SAFE in the corpus):
.github/ISSUE_TEMPLATE/,PULL_REQUEST_TEMPLATE.md,FUNDING.yml,actionlint.yml, rootdependabot.yml, andreaction.yaml/transaction.ymlfilename lookalikes.Lockstep (no drift)
claude-author-automerge.yml, its mirror inselftest/test_automerge_risk_patterns.sh, the sharedselftest/risk_patterns_corpus.txt(RISKY + SAFE, read by both GH and BB selftests), and this repo's.github/risk-paths.ymlclassifier.bb-automerge.pyHIGH_RISK_PATTERNS, the CLAUDE.md Claude-authored-PR policy + 2026-05-24 lesson, andinstall-automerge-policy.shprose.Verification
uv run pytest -q✅ (7 passed)classify.mjsfunctionally confirmed:dependabot.yml→blocked,action(s)/→sensitive,actionlint.yml/ISSUE_TEMPLATE/root-dependabot.yml→non-riskAuto-merge rationale: MANUAL — touches
.github/workflows/**(risk-tier) and PRs totopcoder1/ci-workflowsare always manual click-merge. Auto-merge intentionally NOT enabled.🤖 Generated with Claude Code