From c346b22b65f231ad3444fa9c56a6245e28ef880a Mon Sep 17 00:00:00 2001
From: Guillaume Lours <glours@users.noreply.github.com>
Date: Thu, 26 Mar 2026 13:13:01 +0100
Subject: [PATCH] Skip PR review workflow for Dependabot PRs

Dependabot PRs don't have access to the secrets required by the
cagent-action reusable workflow (CAGENT_ORG_MEMBERSHIP_TOKEN), causing
the org membership check to fail with "github-token not supplied".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Guillaume Lours <glours@users.noreply.github.com>
---
 .github/workflows/pr-review.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/pr-review.yml b/.github/workflows/pr-review.yml
index c8888f48b3..7d379530fb 100644
--- a/.github/workflows/pr-review.yml
+++ b/.github/workflows/pr-review.yml
@@ -12,6 +12,10 @@ permissions:
 
 jobs:
   review:
+    if: >-
+      github.event_name == 'issue_comment' ||
+      github.event_name == 'pull_request_review_comment' ||
+      github.event.pull_request.user.login != 'dependabot[bot]'
     uses: docker/cagent-action/.github/workflows/review-pr.yml@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
     # Scoped to the job so other jobs in this workflow aren't over-permissioned
     permissions: