Auto-analyze dependency-update PRs with Claude #6926
Runs a Claude analysis on dependency-update PRs (Dependabot or manually triggered) that posts a single comment summarizing changelogs, breaking changes, and codebase impact for the team. Covers the uv (Python) and github-actions ecosystems.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
|
||
| on: | ||
| pull_request: | ||
| types: [opened, synchronize] |
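Review bot: The `pull_request` trigger is the event Dependabot-authored PRs will arrive on, and GitHub runs those with a read-only GITHUB_TOKEN and with Dependabot secrets only, not the repository's Actions secrets. Since the description requires ANTHROPIC_API_KEY and the job has to post a comment, please confirm that the key is also stored as a Dependabot secret and that the job declares an explicit `permissions:` block granting only what the comment step needs (for example `pull-requests: write`); neither is visible in these lines.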
What is the rationale for having synchronize here? I know we have this set in hq as well, but the same question probably applies for me there. Dependabot opens a new PR if a new version is released, and I don't think we want Claude to do a full analysis if we push a commit to an existing PR to resolve a breaking change, right? Or am I missing something here?
Good point. I thought earlier that it might be useful when we push fixup commits, but your point makes sense. Nothing major would probably change in the commits that we will make, so a re-review would not make sense; even if it does, we can manually trigger it. Updating it.
| echo "ref=$REF" >> $GITHUB_OUTPUT | ||
|
|
||
| - name: Checkout code | ||
| uses: actions/checkout@v4 |
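Review bot: `uses: actions/checkout@v4` references a mutable tag in a workflow that will hold an API key, so a retagged release would run with that secret in scope. Suggest pinning the action to a full commit SHA with the version in a trailing comment; Dependabot's github-actions ecosystem keeps SHA pins updated. Minor, in the same hunk: quote the redirect target in `echo "ref=$REF" >> $GITHUB_OUTPUT` as `"$GITHUB_OUTPUT"`, and if `REF` can come from a PR-controlled value, make sure it cannot contain a newline, since each line written to that file becomes a separate step output.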
I think the latest version of checkout is v7.
Environments Affected
None
Summary
Adds a GitHub Actions workflow that runs a Claude analysis on dependency-update PRs and posts a single review comment summarizing changelogs, breaking changes, migration notes, and likely codebase impact under src/commcare_cloud/.
This mirrors the equivalent workflow in commcare-hq, adapted to commcare-cloud's stack (uv for Python, plus the github-actions ecosystem; no JS).
How it triggers
dependabot[bot] (including the security-update PRs we already receive).
workflow_dispatch, passing a PR number — so we can run it on hand-written dependency-upgrade PRs too.
No dependabot.yml is added: this only consumes existing Dependabot PRs and manual triggers, and does not change our dependency-update policy.
Requirements
The ANTHROPIC_API_KEY repo secret must be configured for the workflow to run.
🤖 Generated with Claude Code