feat(.claude): add dependabot-pr-automation skill #2781

Merged
migmartri merged 2 commits into chainloop-dev:main from migmartri:worktree-keen-owl-h1ct
Feb 25, 2026

@migmartri
Member

Adds a new Claude skill that automates the review and merging of Dependabot pull requests. The skill lists open Dependabot PRs, assesses risk based on version bump type (patch/minor/major), CI status, and file scope, then auto-approves and merges eligible low-risk PRs while flagging high-risk ones for manual review.

Closes #2780

Closes chainloop-dev#2780

Signed-off-by: Miguel Martinez <miguel@chainloop.dev>

@cubic-dev-ai cubic-dev-ai bot left a comment

1 issue found across 1 file

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name=".claude/skills/dependabot-pr-automation/SKILL.md">

<violation number="1" location=".claude/skills/dependabot-pr-automation/SKILL.md:55">
P2: Step 2b instructs to use `mcp__github__get_pull_request` to check CI status, but the dedicated `mcp__github__get_pull_request_status` tool (declared in `allowed-tools` on line 11) is never referenced in any step. The general PR endpoint may not return detailed check/status information. Step 2b should use `mcp__github__get_pull_request_status` for reliably retrieving CI status, which is critical for the risk assessment logic.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

…skill

Step 2b was using the generic get_pull_request tool to check CI status,
while the dedicated mcp__github__get_pull_request_status tool was declared
in allowed-tools but never referenced.

Signed-off-by: Miguel Martinez <miguel@chainloop.dev>
Contributor

@matiasinsaurralde matiasinsaurralde left a comment

LGTM

@migmartri migmartri merged commit fc67a00 into chainloop-dev:main Feb 25, 2026
15 checks passed
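
The gating outlined in the PR description (version bump type, CI status, file scope), sketched in Python as an added example; it is not the skill's own logic, which this page does not show. The thresholds, the `SAFE_FILES` list and the `PullRequest` record are assumptions.

```python
import re
from dataclasses import dataclass

# Dependabot titles read "... bump <dep> from <old> to <new>".
TITLE_RE = re.compile(
    r"bump \S+ from v?(\d+)\.(\d+)\.(\d+)\S* to v?(\d+)\.(\d+)\.(\d+)", re.I)
# Assumed file scope: only dependency manifests and lockfiles.
SAFE_FILES = re.compile(r"(^|/)(go\.(mod|sum)|package(-lock)?\.json|yarn\.lock)$")
BOT_LOGIN = "dependabot[bot]"  # author login as the GitHub REST API reports it

@dataclass
class PullRequest:  # hypothetical record, filled from the PR, status and files calls
    author: str
    title: str
    ci_state: str   # "success", "failure" or "pending"
    files: list

def bump_type(title):
    m = TITLE_RE.search(title)
    if not m:
        return "unknown"  # not full x.y.z semver: fail closed
    old = tuple(int(x) for x in m.group(1, 2, 3))
    new = tuple(int(x) for x in m.group(4, 5, 6))
    if new <= old:
        return "unknown"  # downgrade or no-op
    if new[0] != old[0]:
        return "major"
    if new[1] != old[1]:
        return "major" if old[0] == 0 else "minor"  # assumed: 0.x minors may break
    return "patch"

def decide(pr):
    """Return ("auto-merge", []) or ("manual-review", [reasons])."""
    reasons = []
    if pr.author != BOT_LOGIN:
        reasons.append("author is not Dependabot")  # titles can be imitated
    bump = bump_type(pr.title)
    if bump not in ("patch", "minor"):
        reasons.append(f"{bump} version bump")
    if pr.ci_state != "success":
        reasons.append(f"CI is {pr.ci_state}")
    extra = [f for f in pr.files if not SAFE_FILES.search(f)]
    if extra or not pr.files:
        reasons.append(f"files outside dependency scope: {extra}")
    return ("manual-review", reasons) if reasons else ("auto-merge", [])

if __name__ == "__main__":  # constructed sample PRs
    t = "build(deps): bump github.com/foo/bar from 1.2.3 to "
    print(decide(PullRequest(BOT_LOGIN, t + "1.2.4", "success", ["go.mod", "go.sum"])))
    print(decide(PullRequest(BOT_LOGIN, t + "2.0.0", "pending", [".github/workflows/ci.yml"])))
```

Every check fails closed: a title that does not parse as full semver, a pending CI run, or a touched workflow file each routes the PR to manual review.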