ppkarwasz opened a new pull request, #4148: URL: https://github.com/apache/logging-log4j2/pull/4148
Applies the consumer-side changes from apache/logging-parent#476 so this repository works with the new Dependabot changelog "draft trick". Pushes made with `GITHUB_TOKEN` do not retrigger workflows (GitHub anti-recursion rule), so the changelog commit cannot re-run the required checks on its own. Instead of relying on a privileged PAT, the reusable workflow now appends the changelog commit and parks the PR in draft mode; a maintainer clicks *Ready for review* and enables *Auto-merge* to complete the merge. ## Changes * **`build.yaml`** and **`codeql-analysis.yaml`**: subscribe `pull_request` to explicit types including `ready_for_review`, so the required checks re-run when a Dependabot PR is taken out of draft. * **`process-dependabot.yaml`**: drop the `RECURSIVE_TOKEN` (`DEPENDABOT_TOKEN`) PAT secret, which is no longer needed, and update the permission comments to reflect the draft-based flow. The reusable-workflow references are left at the moving `@gha/v0` tag, which picks up the draft-trick behavior automatically. > [!WARNING] > > Due to the breaking changes in `gha/v0`, Dependabot PR will not work, unless this is merged first. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
