Revision history [back]
 | 1 | initial version |
There are a few ways to exclude Dependabot pull requests from GitHub Actions:
Using the
ifcondition in the workflow file: You can use theifcondition to only run the workflow if the pull request is not generated by the Dependabot. For example:on: pull_request: branches: [main] jobs: build: if: "!contains(github.actor, '[bot]')" runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v2 - name: Build run: ./build.shIn this example, the
if: "!contains(github.actor, '[bot]')"line checks if the username of the actor (who triggered the workflow) doesn't contain[bot]. This will skip the workflow if Dependabot created the pull request.Using the
jobs.<job_id>.ifcondition: You can also use thejobs.<job_id>.ifcondition to run specific jobs only if the pull request is not generated by the Dependabot. For example:on: pull_request: branches: [main] jobs: build: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v2 - name: Build run: ./build.sh test: if: "!contains(github.actor, '[bot]')" runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v2 - name: Test run: ./test.shIn this example, the
testjob will only run if the actor is not a bot (i.e. Dependabot).Using the
pull_request_targetevent: Another option is to use thepull_request_targetevent, which is triggered when a pull request is targeted at a specific branch (e.g.main). This event includes apull_requestobject for the target branch, which you can use to filter out the Dependabot pull requests. For example:on: pull_request_target: branches: [main] jobs: build: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v2 - name: Build run: ./build.sh - name: Test if: ${{ github.event.pull_request.user.login != 'dependabot[bot]' }} run: ./test.shIn this example, the
Teststep will only run if thepull_request.user.loginis notdependabot[bot].