feat(dependabot): AI-gated auto-merge for major github-actions bumps (pilot)#5
Merged
Merged
Conversation
Adds an opt-in AI risk gate to the shared Dependabot auto-merge workflow. For repos on AIGATE_ALLOWLIST (pilot: RealRate-Private), a MAJOR `github-actions` bump is classified by OpenAI (gpt-5-mini) and auto-merged only if judged low-risk / non-breaking. Everything else is unchanged: patch/minor still auto-merge; all other majors (and non-allowlisted repos) keep comment + needs-manual-review. Design: - The verdict step is read-only and never merges; a separate deterministic step approves + enables auto-merge. GitHub's required status checks still gate the real merge, so a bump that breaks CI never lands regardless of the verdict. - No checkout of PR head code; the untrusted changelog is only classified. - On any failure (missing OPENAI_API_KEY, API error, unparseable response) the script emits verdict=human, so we never auto-merge on an errored verdict. - Ships in DRY_RUN mode: posts the verdict as a comment but does NOT merge, so verdicts can be observed before enforcing. Requires an org-level OPENAI_API_KEY Actions secret. Ref RealRate-Private#2229. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Collaborator
Author
|
@HolgerBartel — this PR needs one admin action from you to go live: please add an
Cost is negligible (~$0.05/month at expected volume). Thanks! |
Collaborator
Author
|
⚙️ Operational note — merging this PR does NOT turn the feature on. It ships inert and fail-closed. Two independent switches must BOTH be set before any major bump auto-merges:
Until both are done: patch/minor auto-merge is unchanged, all majors (incl. github-actions in the allowlisted repo) continue to get comment + |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implements the AI risk gate designed in realrate/RealRate-Private#2229.
What
For repos on an allowlist (pilot:
realrate/RealRate-Private), a majorgithub-actionsDependabot bump is classified by OpenAIgpt-5-miniand auto-merged only if judged low-risk / non-breaking. Everything else is unchanged:needs-manual-review(as today)Ships in dry-run (
AIGATE_DRY_RUN: "true"): the AI posts its verdict as a comment but does not merge, so we can observe verdicts before enforcing.How / safety
gh pr merge --auto. GitHub's existing required checks (verify-output,pre-commit,semgrep,pip-audit,Analyze) still gate the actual merge, so a bump that breaks CI never lands regardless of the verdict.OPENAI_API_KEY, API error, unparseable response) the script emitsverdict=human; the step iscontinue-on-error, so a failed verdict routes to manual review and never blocks the required check or auto-merges.opened.Files
.github/workflows/dependabot-automerge.yaml— the gate (allowlist + dry-run env, verdict step, auto-merge step, route-to-human step)..github/review-tooling/review_dependabot_major.py— OpenAI structured-output verdict ({verdict, risk, reason}); always writes valid JSON + exits 0..github/review-tooling/requirements.txt— pinsopenai==2.45.0.realrate/.githubis public, so the injected workflow in a private consumer repo can check this tooling out with the built-in token.Prerequisite before enforcing (org admin)
Add
OPENAI_API_KEYas an organization-level Actions secret (the same OpenAI account already used by RealRate-AIChatbot'sgpt-5-mini). Until it exists, the gate simply routes every eligible bump to manual review (fail-closed) — safe to merge this PR first.Rollout
AIGATE_DRY_RUNto"false".AIGATE_ALLOWLIST; later consider pip/docker with stricter prompts + a denylist.Validated with
actionlint(clean) and an offline test of the script's fail-closed path (no key →human).🤖 Generated with Claude Code